Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527893
MD5:	e445bf16aa010ce6cd1079021d59ef2a
SHA1:	13f832e2face0f387314aeb16f78ba5c4eb30eb9
SHA256:	dac1c056057161be27bf75ef6200ddb5a632d61a039edb7ab9512a8d84bda2fd
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7076 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E445BF16AA010CE6CD1079021D59EF2A)

taskkill.exe (PID: 7160 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6668 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4028 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3068 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5560 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 1880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: file.exe PID: 7076	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_157.16.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_157.16.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_169.16.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_157.16.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_157.16.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_169.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_169.16.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_157.16.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_157.16.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_157.16.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_157.16.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_157.16.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_169.16.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_157.16.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_157.16.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_157.16.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_169.16.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_157.16.dr	String found in binary or memory: https://www.google.com
Source: chromecache_157.16.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_169.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_157.16.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_157.16.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2146550054.00000000003B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_157.16.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50611
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50614
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50613
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50615
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown	Network traffic detected: HTTP traffic on port 50806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50850
Source: unknown	Network traffic detected: HTTP traffic on port 50726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 50670 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50619
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50623
Source: unknown	Network traffic detected: HTTP traffic on port 50635 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50867
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 50853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50626
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50629
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50628
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50621
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50862
Source: unknown	Network traffic detected: HTTP traffic on port 50600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 50875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50633
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50636
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown	Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50635
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50638
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50637
Source: unknown	Network traffic detected: HTTP traffic on port 50657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50632
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50601 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50644
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50647
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50646
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50649
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50648
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50769
Source: unknown	Network traffic detected: HTTP traffic on port 50830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 50784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50640
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50882
Source: unknown	Network traffic detected: HTTP traffic on port 50612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50643
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50884
Source: unknown	Network traffic detected: HTTP traffic on port 50623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50816
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50815
Source: unknown	Network traffic detected: HTTP traffic on port 50819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50579 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50819
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50821
Source: unknown	Network traffic detected: HTTP traffic on port 50683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50822
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50826
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50828
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50709
Source: unknown	Network traffic detected: HTTP traffic on port 50772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50711
Source: unknown	Network traffic detected: HTTP traffic on port 50611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50830
Source: unknown	Network traffic detected: HTTP traffic on port 50672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50567 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50718
Source: unknown	Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50839
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50601
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50600
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50602
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 50794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50605
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50604
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50606
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50848
Source: unknown	Network traffic detected: HTTP traffic on port 50633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50841
Source: unknown	Network traffic detected: HTTP traffic on port 50876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50840
Source: unknown	Network traffic detected: HTTP traffic on port 50887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50608
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50729
Source: unknown	Network traffic detected: HTTP traffic on port 50644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50579
Source: unknown	Network traffic detected: HTTP traffic on port 50684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50578
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50699
Source: unknown	Network traffic detected: HTTP traffic on port 50850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50691
Source: unknown	Network traffic detected: HTTP traffic on port 50655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50696
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50695
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50697
Source: unknown	Network traffic detected: HTTP traffic on port 50838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50589
Source: unknown	Network traffic detected: HTTP traffic on port 50769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50584
Source: unknown	Network traffic detected: HTTP traffic on port 50723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50585
Source: unknown	Network traffic detected: HTTP traffic on port 50782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50591
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50590
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50593
Source: unknown	Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 50747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50655
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50658
Source: unknown	Network traffic detected: HTTP traffic on port 50768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50657
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50650
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 50594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50652
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50651
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50653
Source: unknown	Network traffic detected: HTTP traffic on port 50745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown	Network traffic detected: HTTP traffic on port 50863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50667
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 50792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50666
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50669
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50789
Source: unknown	Network traffic detected: HTTP traffic on port 50805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50661
Source: unknown	Network traffic detected: HTTP traffic on port 50702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50663
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50665
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown	Network traffic detected: HTTP traffic on port 50816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50678
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50677
Source: unknown	Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50558
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50679
Source: unknown	Network traffic detected: HTTP traffic on port 50686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 50701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50793
Source: unknown	Network traffic detected: HTTP traffic on port 50653 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50671
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50673
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50675
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown	Network traffic detected: HTTP traffic on port 50779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50689
Source: unknown	Network traffic detected: HTTP traffic on port 50851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50567
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50688
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50681
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50680
Source: unknown	Network traffic detected: HTTP traffic on port 50593 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50563
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50690
Source: unknown	Network traffic detected: HTTP traffic on port 50757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50664 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50583 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50585 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50666 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50605 -> 443

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50565 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50567 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50578 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.4:50755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:50768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50885 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006DEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_006DEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006DED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_006DED6A

Source: C:\Users\user\Desktop\file.exe

0_2_006DEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006CAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_006CAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006F9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_006F9576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_4be0aebf-f
Source: file.exe, 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_16c7626e-d
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_b2bce244-9
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_8a542f3a-7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006CD5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_006CD5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006C1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_006C1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006CE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_006CE8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066BF40	0_2_0066BF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00668060	0_2_00668060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D2046	0_2_006D2046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C8298	0_2_006C8298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069E4FF	0_2_0069E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069676B	0_2_0069676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F4873	0_2_006F4873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066CAF0	0_2_0066CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068CAA0	0_2_0068CAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067CC39	0_2_0067CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00696DD9	0_2_00696DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067D064	0_2_0067D064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067B119	0_2_0067B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006691C0	0_2_006691C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681394	0_2_00681394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681706	0_2_00681706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068781B	0_2_0068781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067997D	0_2_0067997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00667920	0_2_00667920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006819B0	0_2_006819B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00687A4A	0_2_00687A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681C77	0_2_00681C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00687CA7	0_2_00687CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006EBE44	0_2_006EBE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00699EEE	0_2_00699EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681F32	0_2_00681F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00680A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0067F9F2 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/30@12/8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006D37B5 GetLastError,FormatMessageW,

0_2_006D37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C10BF AdjustTokenPrivileges,CloseHandle,		0_2_006C10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_006C16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006D51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_006D51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006EA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_006EA67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006D648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_006D648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_006642A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_006642DE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006AE859 push 00000000h; ret	0_2_006AE8FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006AE8FF push 00000000h; ret	0_2_006AE901
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00680A76 push ecx; ret	0_2_00680A89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066900A push 00000000h; iretd	0_2_0066900C

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_0067F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006F1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_006F1C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-94677

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7021			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1707			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.4 %

Source: C:\Users\user\Desktop\file.exe TID: 7084	Thread sleep count: 7021 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7084	Thread sleep time: -70210s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7084	Thread sleep count: 146 > 30	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7021 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006CDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_006CDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D68EE FindFirstFileW,FindClose,	0_2_006D68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_006D698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006CD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_006CD076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006CD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_006CD3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_006D9642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_006D979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_006D9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D5C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_006D5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_006642DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006DEAA2 BlockInput,

0_2_006DEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00692622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_006642DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00684CE8 mov eax, dword ptr fs:[00000030h]

0_2_00684CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006C0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_006C0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00692622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0068083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006809D5 SetUnhandledExceptionFilter,	0_2_006809D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00680C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00680C21

Source: C:\Users\user\Desktop\file.exe

0_2_006C1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006A2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_006A2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006CB226 SendInput,keybd_event,

0_2_006CB226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006E22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_006E22DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_006C0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006C1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_006C1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00680698 cpuid

0_2_00680698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006D8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_006D8195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006BD27A GetUserNameW,

0_2_006BD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0069BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_0069BB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_006642DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006E1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_006E1204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006E1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_006E1806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.185.206	true	false	unknown
www3.l.google.com	172.217.18.14	true	false	unknown
play.google.com	142.250.185.142	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
youtube.com	142.250.186.78	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://tse1.mm.bing.net/th?id=OADD2.10239355035240_1LIDBG5VEHXCVNZ8Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239340783930_1HFAOTIQ1IDVU62AB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239355035239_1NE5QON2H0G5IVA3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	unknown
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239340783931_1YZB0VJW9326XBLXJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_157.16.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_157.16.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_169.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_157.16.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_169.16.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_157.16.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_157.16.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_157.16.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_157.16.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_157.16.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	youtube.com	United States	15169	GOOGLEUS	false
142.250.185.206	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
172.217.18.14	www3.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.142	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527893
Start date and time:	2024-10-07 11:20:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/30@12/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 38 Number of non-executed functions: 314
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.186.142, 64.233.167.84, 34.104.35.123, 142.250.184.195, 142.250.185.163, 142.250.184.202, 216.58.212.170, 142.250.185.234, 172.217.16.202, 216.58.206.74, 172.217.18.106, 142.250.186.106, 172.217.18.10, 142.250.186.74, 142.250.186.170, 142.250.184.234, 142.250.181.234, 142.250.185.138, 142.250.186.138, 142.250.74.202, 142.250.186.42, 142.250.185.106, 172.217.16.138, 142.250.185.170, 216.58.206.42, 142.250.185.74, 142.250.185.202, 20.223.35.26, 216.58.206.35, 64.233.166.84, 20.223.36.55, 142.250.186.46, 2.23.209.150, 2.23.209.140, 2.23.209.156, 2.23.209.142, 2.23.209.143, 2.23.209.135, 2.23.209.149, 2.23.209.133, 2.23.209.154
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, tse1.mm.bing.net, clientservices.googleapis.com, arc.msn.com, clients2.google.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, update.googleapis.com, arc.trafficmanager.net, www.gstatic.com, optimizationguide-pa.googleapis.com, clients1.google.com, www.bing.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, fonts.gstatic.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com, iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://tampoesdeferrofundido.com.br/redirect.php?v=2455b0ad034ad02	Get hash	malicious	Unknown	Browse
	https://sneamcomnnumnlty.com/h474823487284/geting/active	Get hash	malicious	Unknown	Browse
	https://nextmytelstraaucurelinkisityou.web.app/	Get hash	malicious	Unknown	Browse
	https://pub-3432fdbad0cc4319a435ac6e41d4a0f1.r2.dev/scrpt.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-7571f8ffd5b243f892961d4b09c69e36.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-e8583bd7c3574b5b8171769cd95518de.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-92d27a69cbfc4f16942faf2ba89c0aa3.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-a58bcfc58507426ca38ee3be5a258dab.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-93f0bb552d1f477b8d98e7b8c0eabb76.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-c32e86b2348440f0b4bcf91d16f22053.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://sneamcomnnumnlty.com/h474823487284/geting/active	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://nextmytelstraaucurelinkisityou.web.app/	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-3432fdbad0cc4319a435ac6e41d4a0f1.r2.dev/scrpt.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-7571f8ffd5b243f892961d4b09c69e36.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-e8583bd7c3574b5b8171769cd95518de.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-92d27a69cbfc4f16942faf2ba89c0aa3.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-a58bcfc58507426ca38ee3be5a258dab.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-93f0bb552d1f477b8d98e7b8c0eabb76.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-c32e86b2348440f0b4bcf91d16f22053.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
	https://pub-cc660360e3d14203be254963e70e6e85.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.134 184.28.90.27 13.107.253.72
6271f898ce5be7dd52b0fc260d0662b3	https://octo9.com.ng/Greula/	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://beta.adiance.com/wp-content/plugins/arull.php?7088797967704b536932307464507a637a4c7a736c4d7a733752533837503155744a31586533634466584277413d1	Get hash	malicious	HTMLPhisher	Browse	150.171.27.10
	Payout Receipt.pptx	Get hash	malicious	HTMLPhisher	Browse	150.171.27.10
	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse	150.171.27.10
	c42oX67S73.ps1	Get hash	malicious	Unknown	Browse	150.171.27.10
	PO20241003.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://ahchoadeegu.homes?u=k8pp605&o=c9ewtnr&t=8845	Get hash	malicious	Unknown	Browse	150.171.27.10
	QT2Q1292300924.xla.xlsx	Get hash	malicious	Unknown	Browse	150.171.27.10
	DHL Receipt_AWB 9892671327.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	Payment proof.xls	Get hash	malicious	Unknown	Browse	150.171.27.10

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853825531523
Encrypted:	false
SSDEEP:	6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
MD5:	D6A4595EF381156A4C38FC1268C40783
SHA1:	75B2E4139EE5014416D280B02E1F57724B0A4240
SHA-256:	9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
SHA-512:	ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583795965690533
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	e445bf16aa010ce6cd1079021d59ef2a
SHA1:	13f832e2face0f387314aeb16f78ba5c4eb30eb9
SHA256:	dac1c056057161be27bf75ef6200ddb5a632d61a039edb7ab9512a8d84bda2fd
SHA512:	5e797701746de2128a10eb2eb2503ade8dc691d1e0a0f842aa5e79e5d1e4f19ac87c6d92933a64dcdbe5795ba4d57089ee0e5dc5aa9422872e8dd2939f5d0b21
SSDEEP:	24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8ak1K:STvC/MTQYxsWR7ak
TLSH:	E6159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67039EDF [Mon Oct 7 08:42:07 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F6601425FC3h
jmp 00007F66014258CFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6601425AADh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F6601425A7Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F660142866Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F66014286B8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F66014286A1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb4	0x9c00	4a12b6d8e91fc444cd7256a022b02d75	False	0.31660657051282054	data	5.332202175516127	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7a	data			1.0029681597409605
RT_GROUP_ICON	0xdd634	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6ac	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c0	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d4	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6e8	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c4	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 11:21:38.887938023 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 11:21:52.367705107 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:52.367748022 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:52.367830038 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:52.380558968 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:52.380574942 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.170741081 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.170824051 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.176722050 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.176738024 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.177139997 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.231806040 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.363172054 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.407397032 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620115042 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620134115 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620146036 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620193958 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620202065 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620209932 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620215893 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.620239019 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620249033 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620270014 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.620311022 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.620852947 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.620971918 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.621068001 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.631990910 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.632026911 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:53.632040977 CEST	49736	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:21:53.632046938 CEST	443	49736	4.175.87.197	192.168.2.4
Oct 7, 2024 11:21:54.884603977 CEST	50551	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:54.889451981 CEST	53	50551	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:54.889534950 CEST	50551	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:54.895363092 CEST	53	50551	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:55.382165909 CEST	50551	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:55.387433052 CEST	53	50551	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:55.387500048 CEST	50551	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:56.114285946 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.114326954 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.114386082 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.122806072 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.122821093 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.764345884 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.764770031 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.764784098 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.765213013 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.765279055 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.765934944 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.765999079 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.767051935 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.767117977 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.767208099 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:56.767231941 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:56.808840036 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:57.047805071 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:57.047910929 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:57.047997952 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:57.048850060 CEST	50552	443	192.168.2.4	142.250.186.78
Oct 7, 2024 11:21:57.048865080 CEST	443	50552	142.250.186.78	192.168.2.4
Oct 7, 2024 11:21:57.060309887 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.060353041 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.060653925 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.060653925 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.060686111 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.729948997 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.730299950 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.730315924 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.730709076 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.730767012 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.731417894 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.731479883 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.732516050 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.732582092 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.732800007 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:57.732806921 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:57.777621031 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:58.032144070 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:58.032167912 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:58.032232046 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:58.032253981 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:58.032291889 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:58.034308910 CEST	50558	443	192.168.2.4	142.250.185.206
Oct 7, 2024 11:21:58.034327030 CEST	443	50558	142.250.185.206	192.168.2.4
Oct 7, 2024 11:21:59.995872021 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:21:59.995929003 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:21:59.996095896 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:21:59.996294022 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:21:59.996320009 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.649858952 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.666255951 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:00.666273117 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.667418003 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.667481899 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:00.675414085 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:00.675497055 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.714924097 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:00.714942932 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:00.761780024 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:00.929574013 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:00.929640055 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:00.929706097 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:00.930839062 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:00.930857897 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.570528030 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.570636034 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.574507952 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.574523926 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.574814081 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.615262032 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.624280930 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.671411037 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.840321064 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.840410948 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.840701103 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.842001915 CEST	50565	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.842025042 CEST	443	50565	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.919775963 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.919814110 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:01.919883013 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.920949936 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:01.920968056 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.567423105 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.567503929 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.568720102 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.568727016 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.569745064 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.571079016 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.611399889 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.840272903 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.840342999 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.840416908 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.850245953 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.850265980 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:02.850272894 CEST	50567	443	192.168.2.4	184.28.90.27
Oct 7, 2024 11:22:02.850280046 CEST	443	50567	184.28.90.27	192.168.2.4
Oct 7, 2024 11:22:04.205049038 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.205091953 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.205213070 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.206320047 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.206338882 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.868046999 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.868139982 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.870023012 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.870032072 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.870313883 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.880767107 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.923410892 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.988785028 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.988806009 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.988821030 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.988915920 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:04.988929987 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:04.988996029 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.005479097 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.005521059 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.005625963 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.005985975 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.006002903 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.069845915 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.069871902 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.069932938 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.069953918 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.069996119 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.070008993 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.076626062 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.076644897 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.076733112 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.076752901 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.076925039 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.157640934 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.157666922 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.157713890 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.157738924 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.157752037 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.157804012 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.158495903 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.158515930 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.158565998 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.158574104 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.158607960 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.158626080 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.160211086 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.160233021 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.160289049 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.160296917 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.160409927 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.164177895 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.164199114 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.164244890 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.164258957 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.164283037 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.164304972 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.244501114 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.244518995 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.244571924 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.244596958 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.244680882 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.245243073 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.245261908 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.245321989 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.245333910 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.245651007 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.246088028 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.246104002 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.246138096 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.246146917 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.246181011 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.246198893 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.247077942 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.247095108 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.247147083 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.247159004 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.247185946 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.247215986 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.247915030 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.247930050 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.247967958 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.248013020 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.248020887 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.248229027 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.248673916 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.248687983 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.248753071 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.248761892 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.248785973 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.248806000 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.251669884 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.251777887 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.251787901 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.251827002 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.279131889 CEST	50578	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.279160976 CEST	443	50578	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.365120888 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.365150928 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.365231037 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.367479086 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.367516041 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.367573023 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.368002892 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.368038893 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.368166924 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.369366884 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.369399071 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.369512081 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375037909 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375062943 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.375133991 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375595093 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375606060 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.375757933 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375768900 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.375776052 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375797033 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.375849009 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375864029 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.375921965 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:05.375940084 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:05.651808023 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.654292107 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.654304028 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.654927969 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.655049086 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.655677080 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.655726910 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.671416998 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.671598911 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.672653913 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.672671080 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.717910051 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.969886065 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.969945908 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.970068932 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.970081091 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.970118999 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.970134020 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.970144033 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.970277071 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.976061106 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.976114988 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.982403994 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.982436895 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.982482910 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.982495070 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.982536077 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.988436937 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.988519907 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.994728088 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.994781971 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:05.994791985 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:05.994842052 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.039690971 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.041507006 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.053945065 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.054008961 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.058163881 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.058217049 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.058243990 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.058255911 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.058342934 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.058566093 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.058666945 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.064913988 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.064965963 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.064987898 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.064996958 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.065037012 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.067225933 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.067625999 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.067643881 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.068150043 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.068156004 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.068248987 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.068268061 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.068525076 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.068542004 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.068645954 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.068650007 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.068918943 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.068945885 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.069323063 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.069329023 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.069372892 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.069380045 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.069690943 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.069709063 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.070113897 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.070122004 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.071161985 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.071274996 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.077438116 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.077506065 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.077517033 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.083884954 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.083965063 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.083976030 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.090167999 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.090271950 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.090285063 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.090435982 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.090545893 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.171785116 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.171808958 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.171884060 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.171885014 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.171957970 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.172787905 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.172815084 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.172869921 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.172883034 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.172935009 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.172976017 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.173655987 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.173708916 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.173909903 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.174320936 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.174349070 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.174534082 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.174549103 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.174603939 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.174612045 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.174623013 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.174657106 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.181581020 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.181643963 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.181729078 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.203399897 CEST	50579	443	192.168.2.4	172.217.18.14
Oct 7, 2024 11:22:06.203428030 CEST	443	50579	172.217.18.14	192.168.2.4
Oct 7, 2024 11:22:06.255283117 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.255327940 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.255348921 CEST	50584	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.255356073 CEST	443	50584	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.259390116 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.259390116 CEST	50582	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.259412050 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.259424925 CEST	443	50582	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.260031939 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.260031939 CEST	50583	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.260051966 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.260062933 CEST	443	50583	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.262821913 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.262856960 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.262913942 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.265784979 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.265800953 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.267431974 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.267452955 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.267467022 CEST	50585	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.267472982 CEST	443	50585	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.268289089 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.268297911 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.268309116 CEST	50586	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.268312931 CEST	443	50586	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.298235893 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.298268080 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.298365116 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.307786942 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.307809114 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.308096886 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.308214903 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.308223963 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.308270931 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.308518887 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.308532000 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.308805943 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.308816910 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.309662104 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.309678078 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.327192068 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.327214956 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.327485085 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.327485085 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.327516079 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.330693960 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.330712080 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.330776930 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.330893040 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.330905914 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.331038952 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.331083059 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.331130981 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.331768036 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.331798077 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.931850910 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.932542086 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.932585001 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.933011055 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.933017969 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.939075947 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.939443111 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.939452887 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.939835072 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.939907074 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.940618038 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.940676928 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.941700935 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.941787958 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.941962957 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.941971064 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.959501028 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.960202932 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.960218906 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.960764885 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.960769892 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.960949898 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.961190939 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.961198092 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.962203979 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.962271929 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.962897062 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.962949991 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.963295937 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.963352919 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.963491917 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.963498116 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:06.983231068 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:06.984975100 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.985454082 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.985471964 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.985910892 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.985917091 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.991925955 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.992292881 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.992309093 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.992696047 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.992702007 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.995620966 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.995944023 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.995965004 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:06.996436119 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:06.996440887 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.006124973 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.040205002 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.040371895 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.040465117 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.040498018 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.040510893 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.040532112 CEST	50589	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.040538073 CEST	443	50589	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.044743061 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.044796944 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.044962883 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.045128107 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.045144081 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.067178011 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.067244053 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.067404985 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.067456007 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.067498922 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.067517996 CEST	50590	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.067527056 CEST	443	50590	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.070328951 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.070363045 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.070628881 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.070802927 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.070816040 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.095588923 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.095649958 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.095840931 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.095865011 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.095876932 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.095887899 CEST	50593	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.095895052 CEST	443	50593	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.098547935 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.098581076 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.098758936 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.098952055 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.098977089 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.105017900 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.105070114 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.105145931 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.105278015 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.105283976 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.105299950 CEST	50594	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.105304956 CEST	443	50594	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.108591080 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.108627081 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.108695030 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.108844995 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.108865976 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.111692905 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.111854076 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.111920118 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.112045050 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.112059116 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.112068892 CEST	50595	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.112075090 CEST	443	50595	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.114272118 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.114284039 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.114350080 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.114577055 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.114595890 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.242455006 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.242567062 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.242737055 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.243593931 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.243602991 CEST	443	50592	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.243622065 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.243649960 CEST	50592	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.244957924 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.244992971 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.245044947 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.245476007 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.245491028 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.262986898 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.263284922 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.263345003 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.263592005 CEST	50591	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.263598919 CEST	443	50591	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.264741898 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.264781952 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.264909029 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.265361071 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.265372992 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.703950882 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.704651117 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.704679012 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.705368042 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.705374002 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.746172905 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.746614933 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.746625900 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.747143030 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.747148991 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.747948885 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.749505043 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.749505043 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.749531984 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.749541044 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.770998955 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.771549940 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.771579027 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.772193909 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.772207022 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.800730944 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.801456928 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.801505089 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.802068949 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.802078009 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.812470913 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.812536955 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.812650919 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.812997103 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.813009024 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.813030958 CEST	50596	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.813035965 CEST	443	50596	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.826488972 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.826534033 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.826601028 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.827054977 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.827073097 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856097937 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856144905 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856197119 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856216908 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856350899 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856405020 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856422901 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856434107 CEST	50597	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856441021 CEST	443	50597	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856472969 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856520891 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856520891 CEST	50600	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.856534958 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.856540918 CEST	443	50600	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.861470938 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.861507893 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.861602068 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.861790895 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.861804008 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.863306999 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.863342047 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.863406897 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.863573074 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.863586903 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.877424955 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.877593994 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.881936073 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.897403955 CEST	50602	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.897448063 CEST	443	50602	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.902395964 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.902436972 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.902529001 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.902872086 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.902888060 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.903733015 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.913048983 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.913117886 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.913129091 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.913456917 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.913470030 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.913963079 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.914134026 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.914556026 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.914639950 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.914963961 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.915210009 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.915210009 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.915292025 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.915406942 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.915570974 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.915577888 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.917079926 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:07.917133093 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:07.917349100 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.917402029 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.917447090 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.931564093 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.931564093 CEST	50601	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:07.931608915 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.931624889 CEST	443	50601	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:07.966587067 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.111561060 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.111732960 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.124609947 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.124629021 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.124990940 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.139859915 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.141251087 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.141623020 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.144778013 CEST	50604	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.144799948 CEST	443	50604	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.157919884 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.166203022 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.166237116 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.166347980 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.166719913 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.166732073 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.171396971 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.203397989 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.423605919 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.424462080 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.424681902 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.425913095 CEST	50605	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:08.425925016 CEST	443	50605	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:08.432898998 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.432949066 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.432984114 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.432996035 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.433012009 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.433089972 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.433095932 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.433108091 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.433155060 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.433162928 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.433173895 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.433221102 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.434286118 CEST	50563	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:22:08.434302092 CEST	443	50563	142.250.185.196	192.168.2.4
Oct 7, 2024 11:22:08.490720034 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.491192102 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.491230011 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.491694927 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.491704941 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.520157099 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.520657063 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.520700932 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.521099091 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.521105051 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.558377981 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.558871031 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.558881044 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.559710026 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.559719086 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.572122097 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.572669983 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.572683096 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.573215008 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.573220968 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.601141930 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.601211071 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.601284027 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.601449966 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.601469994 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.601480961 CEST	50606	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.601486921 CEST	443	50606	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.606405973 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.606422901 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.607414007 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.608280897 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.608293056 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.632119894 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.632173061 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.632339001 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.632405043 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.632405043 CEST	50607	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.632416010 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.632425070 CEST	443	50607	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.635226965 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.635257006 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.635529995 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.635660887 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.635677099 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.674678087 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.674742937 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.675019026 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.675044060 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.675055981 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.675066948 CEST	50608	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.675072908 CEST	443	50608	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.678529978 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.678544998 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.678612947 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.678746939 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.678756952 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.682713985 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.682876110 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.682969093 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.683095932 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.683109045 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.683120012 CEST	50609	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.683125973 CEST	443	50609	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.686290979 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.686307907 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.686374903 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.687211990 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.687225103 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.826293945 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.827120066 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.827132940 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.827781916 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.827788115 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.937133074 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.937196016 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.937238932 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.937525988 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.937544107 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.937557936 CEST	50611	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.937562943 CEST	443	50611	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.940848112 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.940880060 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:08.940943956 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.941086054 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:08.941099882 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.274379969 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.275410891 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.275420904 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.275924921 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.275929928 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.300590992 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.301050901 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.301074982 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.301512003 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.301518917 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.361387014 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.362046957 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.362063885 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.362503052 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.362508059 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.371782064 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.372131109 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.372148991 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.372567892 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.372575045 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.390201092 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.391587019 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.391681910 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.391681910 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.391758919 CEST	50612	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.391779900 CEST	443	50612	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.394254923 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.394299984 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.394370079 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.394534111 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.394550085 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.410438061 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.410518885 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.410567999 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.410727024 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.410742044 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.410751104 CEST	50613	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.410758018 CEST	443	50613	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.413059950 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.413083076 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.413290024 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.413290024 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.413316011 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.473404884 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.473468065 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.473525047 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.473753929 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.473782063 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.473798990 CEST	50615	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.473809958 CEST	443	50615	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.477413893 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.477444887 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.477719069 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.477719069 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.477744102 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.490500927 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.490587950 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.490650892 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.491142988 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.491158962 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.491164923 CEST	50614	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.491170883 CEST	443	50614	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.496802092 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.496829033 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.496912956 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.497148991 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.497160912 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.608076096 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.608635902 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.608675957 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.609117985 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.609124899 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.717892885 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.717959881 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.718096972 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.718208075 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.718230009 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.718240976 CEST	50616	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.718246937 CEST	443	50616	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.721453905 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.721492052 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:09.721710920 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.721777916 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:09.721793890 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.043761015 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.044358015 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.044372082 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.045120955 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.045125961 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.073306084 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.073921919 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.073934078 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.074793100 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.074800014 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.133656025 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.134207964 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.134216070 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.134774923 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.134780884 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.149908066 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150367975 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.150376081 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150506020 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150562048 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150609970 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.150758982 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.150775909 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150787115 CEST	50619	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.150794029 CEST	443	50619	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.150942087 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.150947094 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.154455900 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.154483080 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.154649973 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.154776096 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.154793024 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.182602882 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.182739973 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.182841063 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.182871103 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.182883024 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.182899952 CEST	50620	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.182907104 CEST	443	50620	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.185417891 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.185451031 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.186378956 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.186569929 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.186582088 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.248442888 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.248511076 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.248578072 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.258555889 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.258580923 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.259139061 CEST	50621	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.259146929 CEST	443	50621	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.259340048 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.259411097 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.259527922 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.260297060 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.260308981 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.260329008 CEST	50622	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.260334015 CEST	443	50622	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.272686958 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.272716045 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.272998095 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.273622990 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.273668051 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.273776054 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.273787975 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.273802042 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.273902893 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.273920059 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.325571060 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.326330900 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.326340914 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.327400923 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.327408075 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.437905073 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.437979937 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.438057899 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.661341906 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.661341906 CEST	50623	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.661370039 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.661385059 CEST	443	50623	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.670476913 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.670510054 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.670634985 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.670825005 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.670840979 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.813621998 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.814126968 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.814157963 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.815128088 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.815134048 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.855176926 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.861313105 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.861321926 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.862095118 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.862099886 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.924885988 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.924957037 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.925213099 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.927577972 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.931605101 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.931605101 CEST	50624	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.931628942 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.931638956 CEST	443	50624	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.938482046 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.938503027 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.939199924 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.939205885 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.960470915 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.960498095 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.960557938 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.961539984 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.961559057 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.966808081 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.967365026 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.967372894 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.967952967 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.968097925 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.968158960 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.968461037 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.968466043 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.968956947 CEST	50625	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.968969107 CEST	443	50625	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.971719027 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.971738100 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:10.971937895 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.972078085 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:10.972089052 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.040010929 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.040069103 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.040174961 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.040301085 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.040321112 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.040332079 CEST	50627	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.040338993 CEST	443	50627	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.045166016 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.045211077 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.045460939 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.046220064 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.046236038 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.079521894 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.079581022 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.079853058 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.079961061 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.079973936 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.079983950 CEST	50626	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.079989910 CEST	443	50626	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.082967043 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.083024025 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.083445072 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.083561897 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.083580971 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.427680969 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.433672905 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.433696032 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.433921099 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.433928013 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.537539005 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.537602901 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.537648916 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.543694019 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.543709993 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.545574903 CEST	50628	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.545583963 CEST	443	50628	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.551716089 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.551745892 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.551876068 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.552560091 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.552576065 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.622634888 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.648957014 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.648957014 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.648973942 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.648982048 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.652998924 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.653814077 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.653814077 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.653830051 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.653836966 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.713835001 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.724620104 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.724637985 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.725119114 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.725125074 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.741295099 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.741770029 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.741786957 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.742134094 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.742140055 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.756278992 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.756439924 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.756551981 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.756663084 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.756663084 CEST	50629	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.756678104 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.756686926 CEST	443	50629	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.759973049 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.760010004 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.760135889 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.760850906 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.760863066 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.768017054 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.768178940 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.768364906 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.768591881 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.768591881 CEST	50630	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.768601894 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.768610001 CEST	443	50630	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.771368027 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.771400928 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.771611929 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.771611929 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.771644115 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.827018976 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.827090025 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.827239990 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.827362061 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.827362061 CEST	50632	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.827380896 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.827400923 CEST	443	50632	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.829721928 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.829762936 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.829830885 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.830185890 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.830216885 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.849334002 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.849422932 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.849487066 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.851624966 CEST	50633	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.851634979 CEST	443	50633	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.854784966 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.854824066 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:11.854939938 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.855045080 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:11.855058908 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.215157032 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.216325045 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.216342926 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.216635942 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.216641903 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.324768066 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.324841022 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.325058937 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.325346947 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.325376987 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.325470924 CEST	50635	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.325481892 CEST	443	50635	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.331147909 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.331180096 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.331757069 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.331938028 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.331952095 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.438615084 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.439274073 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.439291000 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.439580917 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.439589024 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.463418007 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.464160919 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.464171886 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.465349913 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.465356112 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.502876997 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.505625010 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.505652905 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.506639957 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.506650925 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.548722982 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.548794031 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.548850060 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.549143076 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.549143076 CEST	50637	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.549159050 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.549169064 CEST	443	50637	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.552025080 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.552079916 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.552263021 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.552424908 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.552447081 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.567178011 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.567576885 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.567586899 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.568178892 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.568185091 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.589288950 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.589351892 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.589421034 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.590059996 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.590074062 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.590105057 CEST	50636	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.590111971 CEST	443	50636	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.592634916 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.592672110 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.592757940 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.592941999 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.592961073 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.627578020 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.627643108 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.627795935 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.629028082 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.629028082 CEST	50638	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.629046917 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.629055977 CEST	443	50638	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.637121916 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.637177944 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.637285948 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.667642117 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.667663097 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.684317112 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.684401035 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.684458017 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.688072920 CEST	50639	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.688096046 CEST	443	50639	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.692945004 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.693005085 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.693116903 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.694581985 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.694612980 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.986767054 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:12.991868019 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:12.991894960 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.002685070 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.002700090 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.109260082 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.109428883 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.109518051 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.141338110 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.141364098 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.141381979 CEST	50640	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.141390085 CEST	443	50640	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.145149946 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.145186901 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.145268917 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.145440102 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.145457029 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.247642040 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.248116016 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.248138905 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.248544931 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.248583078 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.248600006 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.248914003 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.248929024 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.249382019 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.249398947 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.331105947 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.331701994 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.331738949 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.332366943 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.332384109 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.349644899 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.350434065 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.350449085 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.351408005 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.351413012 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.355839014 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.355912924 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.355961084 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.356218100 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.356242895 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.356262922 CEST	50642	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.356271029 CEST	443	50642	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.359404087 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.359436035 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.359503984 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.359771013 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.359782934 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.369471073 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.369649887 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.369714022 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.369757891 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.369766951 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.369807005 CEST	50641	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.369812965 CEST	443	50641	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.372206926 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.372261047 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.372607946 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.372607946 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.372642040 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.591907978 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.591922998 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.591974020 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.591989040 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.592056036 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592056990 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592222929 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592242956 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.592255116 CEST	50644	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592261076 CEST	443	50644	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.592535973 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592555046 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.592569113 CEST	50643	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.592575073 CEST	443	50643	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.594970942 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.594970942 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.594996929 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.595002890 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.595079899 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.595079899 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.595269918 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.595279932 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.595355988 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.595371962 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.797686100 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.802886963 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.802915096 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.803366899 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.803374052 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.905653000 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.905719995 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.905782938 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.906008005 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.906022072 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.906039000 CEST	50646	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.906044960 CEST	443	50646	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.908927917 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.908970118 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:13.909044981 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.909228086 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:13.909246922 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.023080111 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.023551941 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.023586035 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.024089098 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.024168968 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.024187088 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.024503946 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.024533987 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.024908066 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.024915934 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.130573034 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.130639076 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.131388903 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.131530046 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.131546974 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.131557941 CEST	50648	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.131566048 CEST	443	50648	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.132766008 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.132831097 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.132893085 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.133456945 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.133485079 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.133498907 CEST	50647	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.133506060 CEST	443	50647	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.136279106 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.136348963 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.136610985 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.138207912 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.138232946 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.138437986 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.138490915 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.138530016 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.138660908 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.138674974 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.155782938 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.155822039 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.156275988 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.156574965 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.156593084 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.253213882 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.253671885 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.253683090 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.254209042 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.254213095 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.259116888 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.259502888 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.259510040 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.259936094 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.259941101 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.369908094 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.369968891 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.369971991 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.370042086 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.370084047 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370245934 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370245934 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370245934 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370357037 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370357037 CEST	50650	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.370379925 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.370395899 CEST	443	50650	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.373837948 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.373878956 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.373948097 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.375057936 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.375075102 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.375153065 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.375230074 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.375247955 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.375521898 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.375535965 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.572074890 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.572581053 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.572593927 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.573056936 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.573061943 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.668087959 CEST	50649	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.668123960 CEST	443	50649	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.687973976 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.688041925 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.688199997 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.688318014 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.688337088 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.688347101 CEST	50651	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.688353062 CEST	443	50651	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.691330910 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.691399097 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.691545963 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.691692114 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.691724062 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.790837049 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.791409016 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.791425943 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.792114973 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.792129040 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.803112030 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.803554058 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.803589106 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.803982973 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.803999901 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.804311991 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.804594994 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.804615021 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.804990053 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.805361032 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.805430889 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.805530071 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.805531025 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:14.805557013 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:14.901381969 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.901454926 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.901560068 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.901684046 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.901710033 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.901724100 CEST	50653	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.901732922 CEST	443	50653	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.905306101 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.905354023 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.905527115 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.905632973 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.905651093 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.914083004 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.914139986 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.914396048 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.914434910 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.914434910 CEST	50652	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.914450884 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.914455891 CEST	443	50652	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.919409037 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.919434071 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:14.919663906 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.920337915 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:14.920355082 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.030720949 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.031316996 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.031352043 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.031811953 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.031819105 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.037026882 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.038008928 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.038028002 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.039397001 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.039408922 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.119265079 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:15.120122910 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:15.120250940 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:15.121615887 CEST	50654	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:15.121645927 CEST	443	50654	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:15.139029026 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.139086008 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.139184952 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.143572092 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.143614054 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.143635035 CEST	50656	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.143646955 CEST	443	50656	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146099091 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146130085 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146135092 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146181107 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146274090 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146353006 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146452904 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146452904 CEST	50655	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146462917 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146476030 CEST	443	50655	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.146495104 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.146507025 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.149420023 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.149467945 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.149616957 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.149714947 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.149728060 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.344233990 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.344943047 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.344964027 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.345649958 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.345657110 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.455260992 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.455336094 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.455405951 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.569092035 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.576385975 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.577789068 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.577816963 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.577851057 CEST	50657	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.577864885 CEST	443	50657	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.582431078 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.582465887 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.583271980 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.583282948 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.583723068 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.583767891 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.584307909 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.584319115 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.593173027 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.593213081 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.593326092 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.593811035 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.593823910 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.685796022 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.685884953 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.685945988 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.686147928 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.686171055 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.686208963 CEST	50659	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.686214924 CEST	443	50659	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.687478065 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.687551022 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.688406944 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.689831018 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.689831018 CEST	50658	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.689851046 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.689861059 CEST	443	50658	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.690236092 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.690278053 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.690478086 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.690814972 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.690830946 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.692272902 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.692382097 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.692603111 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.692604065 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.692653894 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.800842047 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.801661968 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.801681995 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.802463055 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.802469969 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.811045885 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.811479092 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.811520100 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.811917067 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.811928034 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.908479929 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.908545017 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.908654928 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.909794092 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.909810066 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.909853935 CEST	50661	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.909859896 CEST	443	50661	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.915667057 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.915719986 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.915807009 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.916317940 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.916337967 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.920753956 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.920814037 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.921094894 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.921510935 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.921530008 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.921540022 CEST	50660	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.921545982 CEST	443	50660	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.928970098 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.929020882 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:15.929235935 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.929378986 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:15.929399967 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.273081064 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.273538113 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.273564100 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.274375916 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.274382114 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.343209982 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.343672037 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.343688011 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.344137907 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.344144106 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.383207083 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.383826971 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.383846998 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.384331942 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.384337902 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.387352943 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.390163898 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.390245914 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.390275955 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.390304089 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.390315056 CEST	50662	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.390321016 CEST	443	50662	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.393126011 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.393165112 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.393313885 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.393487930 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.393501043 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.452291965 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.452362061 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.452449083 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.452845097 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.452845097 CEST	50664	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.452861071 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.452869892 CEST	443	50664	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.455451012 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.455482960 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.455564022 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.455703020 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.455728054 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.504699945 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.504858971 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.504961967 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.505094051 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.505116940 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.505129099 CEST	50663	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.505135059 CEST	443	50663	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.508486032 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.508526087 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.508709908 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.508816957 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.508832932 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.591887951 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.592322111 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.592360020 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.592890024 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.592896938 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.601289988 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.601733923 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.601747036 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.602210999 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.602216959 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.702117920 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.702202082 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.702300072 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.702830076 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.702851057 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.702898026 CEST	50665	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.702907085 CEST	443	50665	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.706468105 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.706516027 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.706653118 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.706979990 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.706994057 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.715105057 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.715118885 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:16.715178967 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.715225935 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.715581894 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.715598106 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.715611935 CEST	50666	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.715620041 CEST	443	50666	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.715770006 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:16.719088078 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.719129086 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.719204903 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.719377041 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:16.719397068 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:16.720523119 CEST	80	49723	199.232.214.172	192.168.2.4
Oct 7, 2024 11:22:16.720657110 CEST	49723	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:16.720726013 CEST	80	49724	199.232.214.172	192.168.2.4
Oct 7, 2024 11:22:16.720895052 CEST	49724	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:17.088098049 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.089796066 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.089796066 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.089808941 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.089832067 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.115348101 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.115906000 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.115925074 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.116296053 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.116309881 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.202740908 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203274012 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.203295946 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203660965 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203725100 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203828096 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.203828096 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.203835011 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203921080 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.203921080 CEST	50667	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.203942060 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.203950882 CEST	443	50667	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.207408905 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.207442999 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.207554102 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.207912922 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.207923889 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.222809076 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.222888947 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.222948074 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.223164082 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.223164082 CEST	50668	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.223181963 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.223191023 CEST	443	50668	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.226006031 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.226047993 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.226131916 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.226264000 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.226279974 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.316592932 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.316754103 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.316878080 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.317013979 CEST	50669	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.317035913 CEST	443	50669	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.319745064 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.319783926 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.319849014 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.320058107 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.320074081 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.371748924 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.372916937 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.372939110 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.373406887 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.373421907 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.410682917 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.411269903 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.411297083 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.411832094 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.411838055 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.481566906 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.481671095 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.481790066 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.483218908 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.483244896 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.483321905 CEST	50670	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.483330011 CEST	443	50670	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.486470938 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.486517906 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.486799955 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.486799955 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.486835003 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.526572943 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.526643038 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.526786089 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.527060032 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.527060032 CEST	50671	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.527081013 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.527093887 CEST	443	50671	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.531588078 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.531615019 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.531712055 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.531882048 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.531891108 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.856942892 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.857930899 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.857930899 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.857974052 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.857997894 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.880889893 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.881413937 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.881464005 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.881933928 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.881939888 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.963413000 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.963486910 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.963627100 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.963844061 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.963844061 CEST	50672	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.963860035 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.963869095 CEST	443	50672	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.966281891 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.967243910 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.967268944 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.967464924 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.967998028 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.968018055 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.968550920 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.968556881 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.968698978 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.968713999 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.989793062 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.989856005 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.989911079 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.989926100 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.990000010 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.990122080 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.990149975 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.990161896 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.990161896 CEST	50673	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.990171909 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.990180016 CEST	443	50673	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.992533922 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.992559910 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:17.992726088 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.992937088 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:17.992952108 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.074974060 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.075046062 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.075110912 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.075382948 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.075392962 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.075408936 CEST	50674	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.075417042 CEST	443	50674	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.078313112 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.078352928 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.078444004 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.078564882 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.078576088 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.145862103 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.146378994 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.146399975 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.146950960 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.146956921 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.183976889 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.184848070 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.184860945 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.185024023 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.185030937 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.259057999 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.259119987 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.259358883 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.259358883 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.259402990 CEST	50675	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.259422064 CEST	443	50675	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.263617039 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.263662100 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.263761997 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.263938904 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.263952971 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.293946028 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.293982983 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.294040918 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.294053078 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.294150114 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.294820070 CEST	50676	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.294850111 CEST	443	50676	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.305253029 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.305304050 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.305540085 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.306041956 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.306056976 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.658286095 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.661808014 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.661829948 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.662359953 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.662365913 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.673701048 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.674206018 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.674223900 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.674665928 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.674681902 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.749285936 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.749802113 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.749825001 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.750379086 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.750384092 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.765799046 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.765827894 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.765939951 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.765969038 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.766100883 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.766100883 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.766119003 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.766263008 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.766297102 CEST	443	50678	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.766346931 CEST	50678	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.768500090 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.768537998 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.768623114 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.768817902 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.768834114 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.792900085 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.792958975 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.793035984 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.793051004 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.793098927 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.793135881 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.793239117 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.793304920 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.793417931 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.793417931 CEST	50677	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.793428898 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.793433905 CEST	443	50677	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.796581030 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.796648026 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.796775103 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.796914101 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.796936989 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.860069036 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.860424042 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.860527992 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.860527992 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.860527992 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.863584995 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.863634109 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.863727093 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.863851070 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.863864899 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.923161030 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.923706055 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.923723936 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.924364090 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.924380064 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.970051050 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.970530033 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.970561028 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:18.971019983 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:18.971035957 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.030374050 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.030441046 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.030535936 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.039369106 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.039369106 CEST	50680	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.039392948 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.039398909 CEST	443	50680	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.042572021 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.042618036 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.043792963 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.043905973 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.043921947 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.080874920 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.080954075 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.081115007 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.081388950 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.081388950 CEST	50681	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.081406116 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.081415892 CEST	443	50681	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.084522009 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.084562063 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.084738016 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.084913015 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.084930897 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.168709040 CEST	50679	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.168739080 CEST	443	50679	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.420097113 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.420726061 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.420741081 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.421467066 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.421472073 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.461038113 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.461622000 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.461651087 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.462011099 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.462017059 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.528877020 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.529342890 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.529370070 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.530153990 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.530159950 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.532018900 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.532186031 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.532290936 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.532326937 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.532326937 CEST	50682	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.532339096 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.532346964 CEST	443	50682	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.535412073 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.535445929 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.535861969 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.535862923 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.535898924 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.569508076 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.569572926 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.569638014 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.569919109 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.569919109 CEST	50683	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.569940090 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.569950104 CEST	443	50683	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.572881937 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.572926044 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.572989941 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.573139906 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.573157072 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.637573957 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.637733936 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.637850046 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.638021946 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.638021946 CEST	50684	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.638040066 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.638050079 CEST	443	50684	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.641338110 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.641387939 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.641525030 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.641719103 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.641741991 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.704946041 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.705404997 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.705420971 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.705916882 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.705924034 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.771315098 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.772001028 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.772016048 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.772346020 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.772351027 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.814538956 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.814606905 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.814661026 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.814860106 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.814878941 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.814894915 CEST	50685	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.814903021 CEST	443	50685	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.817425966 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.817457914 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.817614079 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.817854881 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.817869902 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.884232998 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.884315968 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.884416103 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.884576082 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.884576082 CEST	50686	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.884593964 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.884605885 CEST	443	50686	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.889259100 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.889303923 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:19.889456034 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.889688015 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:19.889702082 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.189469099 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.190192938 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.190228939 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.190527916 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.190534115 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.244862080 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.245348930 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.245373964 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.245794058 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.245800018 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.297096968 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.297363997 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.297416925 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.297533989 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.297552109 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.297570944 CEST	50687	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.297578096 CEST	443	50687	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.300179005 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.300224066 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.300293922 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.300442934 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.300465107 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.302994013 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.303411007 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.303426981 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.304186106 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.304192066 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.356173038 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.356251001 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.356323957 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.356621981 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.356647968 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.356659889 CEST	50688	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.356667042 CEST	443	50688	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.359551907 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.359599113 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.359668016 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.359867096 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.359886885 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413135052 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413208961 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413273096 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.413283110 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413295984 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413383961 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.413904905 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.413904905 CEST	50689	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.413923025 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.413930893 CEST	443	50689	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.417081118 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.417129993 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.417237043 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.417381048 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.417396069 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.482299089 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.483413935 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.483431101 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.483652115 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.483658075 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.562884092 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.563431025 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.563488007 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.563875914 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.563894033 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.593543053 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.593620062 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.593827963 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.593861103 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.593880892 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.593899012 CEST	50690	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.593904972 CEST	443	50690	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.596561909 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.596612930 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.596728086 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.596878052 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.596894979 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.671101093 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.671129942 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.671179056 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.671344995 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.671422958 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.671844959 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.671873093 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.671884060 CEST	50691	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.671890974 CEST	443	50691	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.674921036 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.674978971 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.675065994 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.675249100 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.675262928 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.959410906 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.960252047 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.960277081 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:20.960711956 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:20.960717916 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.017990112 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.018806934 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.018826008 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.019224882 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.019231081 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.070034981 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.070107937 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.070158958 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.070338011 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.070362091 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.070374012 CEST	50692	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.070379972 CEST	443	50692	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.073174953 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.073214054 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.073293924 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.073465109 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.073482990 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.088033915 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.088452101 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.088474035 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.088893890 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.088900089 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.125833988 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.125922918 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.125987053 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.126147985 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.126168013 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.126178980 CEST	50693	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.126184940 CEST	443	50693	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.129151106 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.129173040 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.129277945 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.129565001 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.129580975 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.195976973 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.196576118 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.196650982 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.196686983 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.196708918 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.196721077 CEST	50694	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.196727991 CEST	443	50694	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.201031923 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.201082945 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.201160908 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.201457024 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.201471090 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.273518085 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.274019957 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.274072886 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.274480104 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.274486065 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.328929901 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.329478025 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.329503059 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.329910994 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.329916000 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.384435892 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.384576082 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.384627104 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.384686947 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.384723902 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.384851933 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.384871006 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.384905100 CEST	50695	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.384912014 CEST	443	50695	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.387541056 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.387592077 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.387792110 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.387928009 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.387943983 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.440123081 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.440182924 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.440257072 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.442743063 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.442761898 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.442773104 CEST	50696	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.442778111 CEST	443	50696	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.446095943 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.446160078 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.446224928 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.451076031 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.451097012 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.726031065 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.726919889 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.726947069 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.727233887 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.727241039 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.824933052 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.825932026 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.825932026 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.825963974 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.825987101 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.834131956 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.834336042 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.834414959 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.834502935 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.834502935 CEST	50697	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.834526062 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.834537029 CEST	443	50697	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.836801052 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.836848021 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.836915016 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.837049961 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.837065935 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.870795012 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.871493101 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.871531963 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.871968031 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.871973038 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.938232899 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.938503027 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.938679934 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.938679934 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.938679934 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.941239119 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.941277981 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.941366911 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.941494942 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.941507101 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.978909969 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.978987932 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.979063988 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.979090929 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.979140043 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.979259968 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.979289055 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.979311943 CEST	50699	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.979326963 CEST	443	50699	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.981887102 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.981930017 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:21.982127905 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.982151031 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:21.982157946 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.065704107 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.066232920 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.066253901 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.066890001 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.066896915 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.104852915 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.105645895 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.105681896 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.106345892 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.106350899 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.179183006 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.179883957 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.179976940 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.180053949 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.180075884 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.180085897 CEST	50700	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.180092096 CEST	443	50700	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.182962894 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.183007002 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.183082104 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.183255911 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.183269978 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.212570906 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.212609053 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.212672949 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.212701082 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.212743998 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.213267088 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.213285923 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.213294983 CEST	50701	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.213301897 CEST	443	50701	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.216974974 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.217012882 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.217070103 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.217369080 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.217384100 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.245924950 CEST	50698	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.245958090 CEST	443	50698	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.504070997 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.508122921 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.508163929 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.515974045 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.515986919 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.618313074 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.618479967 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.618542910 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.618669987 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.618688107 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.618696928 CEST	50702	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.618704081 CEST	443	50702	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.620115042 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.620914936 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.620929956 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.621841908 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.621848106 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.624387980 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.624424934 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.624485970 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.627155066 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.627168894 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.653243065 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.654282093 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.654293060 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.654721975 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.654727936 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.732542038 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.732629061 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.732676983 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.732840061 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.732857943 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.732877970 CEST	50703	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.732884884 CEST	443	50703	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.735703945 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.735760927 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.735841990 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.736011028 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.736026049 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.767054081 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.767214060 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.767283916 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.767368078 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.767390013 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.767405033 CEST	50704	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.767410994 CEST	443	50704	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.770148039 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.770193100 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.770282030 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.770694971 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.770715952 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.845901966 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.846494913 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.846555948 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.846944094 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.846966028 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.883002043 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.883443117 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.883513927 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.883801937 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.883819103 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.954531908 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.954560995 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.954608917 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.954644918 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.954703093 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.954926968 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.954977989 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.955007076 CEST	50705	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.955024958 CEST	443	50705	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.957982063 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.958033085 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.958132982 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.958297968 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.958316088 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.995942116 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.996042013 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.996092081 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.996220112 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.996232033 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.996243000 CEST	50706	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.996248960 CEST	443	50706	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.999099970 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.999146938 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:22.999217987 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.999336958 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:22.999351025 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.434099913 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.434617043 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.434634924 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.435920954 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.435925961 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.544843912 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.545006037 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.545068026 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.545233011 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.545249939 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.545263052 CEST	50707	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.545269966 CEST	443	50707	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.548080921 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.548144102 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.548226118 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.548371077 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.548388004 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.616975069 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.617522955 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.617577076 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.617619991 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.617885113 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.617908001 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.618041992 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.618057013 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.618305922 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.618310928 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.632253885 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.632710934 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.632724047 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.633220911 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.633227110 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.702493906 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.703047991 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.703073025 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.703532934 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.703538895 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.724200964 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.724455118 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.724541903 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.724569082 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.724589109 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.724597931 CEST	50710	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.724603891 CEST	443	50710	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.727523088 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.727564096 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.727648973 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.727826118 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.727839947 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.728954077 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.729021072 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.729070902 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.729161024 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.729177952 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.729207993 CEST	50708	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.729214907 CEST	443	50708	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.731360912 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.731369972 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.731430054 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.731543064 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.731553078 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.746411085 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.748222113 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.748297930 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.748310089 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.748336077 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.748382092 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.748413086 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.748420954 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.748435020 CEST	50709	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.748441935 CEST	443	50709	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.750642061 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.750679970 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.750756979 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.750891924 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.750907898 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.815876961 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.815953970 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.816009045 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.816493034 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.816512108 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.816528082 CEST	50711	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.816534042 CEST	443	50711	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.819822073 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.819871902 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:23.820096016 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.820245981 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:23.820265055 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.233639956 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.234185934 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.234224081 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.234647036 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.234653950 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.345969915 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.346385002 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.346489906 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.346532106 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.346558094 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.346569061 CEST	50712	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.346575022 CEST	443	50712	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.349076986 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.349123955 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.349204063 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.349353075 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.349366903 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.400729895 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.401273966 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.401328087 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.401757002 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.401762962 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.402915001 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.403218031 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.403234959 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.403990030 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.403996944 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.447845936 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.448338032 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.448359013 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.448829889 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.448837042 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.470979929 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.471376896 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.471394062 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.474591017 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.474600077 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.509666920 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.510423899 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.510502100 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.510550976 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.510574102 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.510585070 CEST	50714	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.510592937 CEST	443	50714	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.513533115 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.513577938 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.513657093 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.514275074 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.514288902 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.522070885 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.522561073 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.522627115 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.522643089 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.522691965 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.522716045 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.522737980 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.522751093 CEST	50713	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.522758007 CEST	443	50713	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.525048971 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.525087118 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.525166988 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.526211023 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.526225090 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.559829950 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.559988976 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.560096979 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.560312986 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.560334921 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.560345888 CEST	50715	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.560353041 CEST	443	50715	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.563349009 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.563390017 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.563570976 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.563672066 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.563688040 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.580720901 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.580810070 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.580892086 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.581172943 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.581172943 CEST	50716	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.581187010 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.581195116 CEST	443	50716	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.584141016 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.584181070 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:24.584273100 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.584434986 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:24.584443092 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.015175104 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.015707970 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.015736103 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.016161919 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.016169071 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.044462919 CEST	49734	80	192.168.2.4	192.229.221.95
Oct 7, 2024 11:22:25.044533968 CEST	49733	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:25.044595957 CEST	49735	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:25.054352999 CEST	80	49734	192.229.221.95	192.168.2.4
Oct 7, 2024 11:22:25.054420948 CEST	49734	80	192.168.2.4	192.229.221.95
Oct 7, 2024 11:22:25.054439068 CEST	80	49733	199.232.214.172	192.168.2.4
Oct 7, 2024 11:22:25.054450989 CEST	80	49735	199.232.214.172	192.168.2.4
Oct 7, 2024 11:22:25.054498911 CEST	49733	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:25.055691957 CEST	49735	80	192.168.2.4	199.232.214.172
Oct 7, 2024 11:22:25.124874115 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.125041008 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.125098944 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.125123024 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.125159025 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.125202894 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.127099991 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.127118111 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.127129078 CEST	50717	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.127135992 CEST	443	50717	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.130635023 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.130660057 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.130750895 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.131125927 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.131135941 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.207909107 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.208446980 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.208465099 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.208930016 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.208935022 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.223906994 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.224512100 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.224530935 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.225071907 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.225076914 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.245546103 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.246330023 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.246346951 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.246898890 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.246903896 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.252250910 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.252821922 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.252841949 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.253304958 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.253310919 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.321101904 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.321175098 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.321259022 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.321508884 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.321532011 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.321542025 CEST	50718	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.321547985 CEST	443	50718	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.325836897 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.325891018 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.326071978 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.329411983 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.329436064 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.338398933 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.339359999 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.339425087 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.339433908 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.339446068 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.339535952 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.339555025 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.339555025 CEST	50719	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.339569092 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.339576960 CEST	443	50719	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.342322111 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.342366934 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.342447996 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.342602015 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.342617989 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.357103109 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.357129097 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.357175112 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.357220888 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.357268095 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.358433008 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.358445883 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.358458042 CEST	50721	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.358463049 CEST	443	50721	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.361560106 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.361597061 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.361676931 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.361860991 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.361876011 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.373457909 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.373624086 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.373732090 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.373732090 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.373764992 CEST	50720	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.373779058 CEST	443	50720	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.377604008 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.377618074 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.377686977 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.378302097 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.378313065 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.787292004 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.787825108 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.787848949 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.788288116 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.788292885 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.897131920 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.897228956 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.897315025 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.897584915 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.897603989 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.897614956 CEST	50722	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.897620916 CEST	443	50722	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.900608063 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.900691986 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.900791883 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.901006937 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.901042938 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.936690092 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.937330008 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.937356949 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.937839985 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:25.937845945 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:25.999923944 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.000509977 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.000530958 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.000974894 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.000981092 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.037513018 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.038079023 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.038109064 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.038535118 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.038539886 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.048917055 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.049009085 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.049201965 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.049252987 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.049252987 CEST	50724	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.049269915 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.049278975 CEST	443	50724	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.052084923 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.052128077 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.052211046 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.052361012 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.052371979 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.070230961 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.070813894 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.070830107 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.071253061 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.071258068 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.109476089 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.109510899 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.109561920 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.109642029 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.109801054 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.109822989 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.109848976 CEST	50723	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.109857082 CEST	443	50723	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.112766027 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.112813950 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.112880945 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.113054991 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.113075018 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.146240950 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.146404028 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.146465063 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.146616936 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.146636963 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.146651983 CEST	50726	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.146657944 CEST	443	50726	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.149488926 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.149544954 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.149705887 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.149867058 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.149889946 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.185168982 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.185200930 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.185246944 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.185288906 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.185326099 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.185667992 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.185689926 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.185700893 CEST	50725	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.185707092 CEST	443	50725	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.188540936 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.188575029 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.188868999 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.189055920 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.189069033 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.583242893 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.583870888 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.583914995 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.584330082 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.584341049 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.698548079 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.698939085 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.699022055 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.699079037 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.699112892 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.699129105 CEST	50727	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.699137926 CEST	443	50727	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.702130079 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.702176094 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.702276945 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.702462912 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.702477932 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.729751110 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.730340004 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.730365992 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.730853081 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.730859041 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.794346094 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.795989990 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.796016932 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.796458006 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.796466112 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.805152893 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.807825089 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.807837963 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.808226109 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.808231115 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.843158007 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.843285084 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.843343019 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.843483925 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.843508959 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.843521118 CEST	50728	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.843528032 CEST	443	50728	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.845983028 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.846040010 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.846107960 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.846252918 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.846270084 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.867698908 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.868174076 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.868205070 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.868671894 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.868678093 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.916547060 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.916629076 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.916712046 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.916876078 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.916908026 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.916948080 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.916954041 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.917002916 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.929402113 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.929434061 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.929451942 CEST	50730	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.929461956 CEST	443	50730	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.930751085 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.930762053 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.930771112 CEST	50729	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.930778027 CEST	443	50729	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.934485912 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.934602022 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.934679031 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.935265064 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.935280085 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.936026096 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.936069012 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.936136961 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.936244011 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.936253071 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.980493069 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.980669022 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.980729103 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:26.980741024 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.981846094 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:26.981918097 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.032134056 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.032165051 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.032179117 CEST	50731	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.032187939 CEST	443	50731	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.047954082 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.047998905 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.048090935 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.144056082 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.144113064 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.375401020 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.375972986 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.375989914 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.376430988 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.376435995 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.485234022 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.485300064 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.485387087 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.485599995 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.485620975 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.485632896 CEST	50732	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.485637903 CEST	443	50732	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.488492966 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.488545895 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.488626003 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.488810062 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.488830090 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.509598970 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.510124922 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.510159969 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.510610104 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.510620117 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.596741915 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.603291035 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.603312969 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.603746891 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.603753090 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.613663912 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.614262104 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.614305973 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.614972115 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.614984989 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.617733955 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.617810965 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.617866039 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.618027925 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.618048906 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.618060112 CEST	50733	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.618067026 CEST	443	50733	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.620642900 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.620690107 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.620759964 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.620896101 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.620910883 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.706311941 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.706378937 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.706490993 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.706485033 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.706573009 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.706788063 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.706806898 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.706820011 CEST	50735	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.706828117 CEST	443	50735	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.709481001 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.709527016 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.709605932 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.709753036 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.709769011 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.725668907 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.726758003 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.726844072 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.726886988 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.726886988 CEST	50734	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.726907969 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.726921082 CEST	443	50734	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.729651928 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.729681969 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.729851961 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.729927063 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.729937077 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.822433949 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.822889090 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.822931051 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.823394060 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.823405027 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.934115887 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.934206009 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.934289932 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.934497118 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.934514999 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.934530973 CEST	50736	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.934536934 CEST	443	50736	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.941869020 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.941915989 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:27.942004919 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.942141056 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:27.942157030 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.052486897 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.053193092 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.053217888 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.053678989 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.053687096 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.161720037 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.161746979 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.161812067 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.161819935 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.161856890 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.162014961 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.162034988 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.162045002 CEST	50737	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.162050962 CEST	443	50737	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.165472031 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.165518999 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.165585041 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.165771961 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.165788889 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.270836115 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.271419048 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.271470070 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.271899939 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.271907091 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.374432087 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.374917030 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.374954939 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.375381947 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.375395060 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.378377914 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.378448963 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.378508091 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.378669024 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.378690958 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.378700972 CEST	50738	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.378707886 CEST	443	50738	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.383410931 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.383460999 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.383651018 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.383768082 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.383784056 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.420104027 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.420983076 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.421010017 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.421135902 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.421142101 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.483742952 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.484014988 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.484081984 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.484169960 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.484191895 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.484205961 CEST	50739	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.484213114 CEST	443	50739	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.486876011 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.486936092 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.487030029 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.487159014 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.487176895 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.533885956 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.534677982 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.534765005 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.534826994 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.534849882 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.534862995 CEST	50740	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.534869909 CEST	443	50740	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.537719011 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.537770987 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.537839890 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.537991047 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.538007975 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.605825901 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.610075951 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.610090971 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.610573053 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.610599995 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.774503946 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.774584055 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.774645090 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.774913073 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.774940014 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.774951935 CEST	50741	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.774959087 CEST	443	50741	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.778198957 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.778237104 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.778325081 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.778532982 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.778541088 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.830646038 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.831131935 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.831156015 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.831604004 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.831609011 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.941626072 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.941729069 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.941809893 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.942363024 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.942363024 CEST	50742	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.942385912 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.942394018 CEST	443	50742	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.944967985 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.945027113 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:28.945103884 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.945255041 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:28.945262909 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.040163994 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.041356087 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.041379929 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.041850090 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.041861057 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.152746916 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.152864933 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.152915955 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.153665066 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.153691053 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.153702974 CEST	50743	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.153709888 CEST	443	50743	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.154809952 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.155226946 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.155257940 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.155690908 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.155699968 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.156728029 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.156764030 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.156812906 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.157013893 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.157025099 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.216715097 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.217195034 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.217206955 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.217828035 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.217833042 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.264791965 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.267189026 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.267250061 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.289827108 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.289853096 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.289863110 CEST	50744	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.289870024 CEST	443	50744	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.308423042 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.308489084 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.308557987 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.313250065 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.313281059 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.327070951 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.327138901 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.327182055 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.327188969 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.327233076 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.329994917 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.330014944 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.330025911 CEST	50745	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.330033064 CEST	443	50745	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.336793900 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.336832047 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.336889982 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.337250948 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.337264061 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.435666084 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.478602886 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.487412930 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.487425089 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.493855953 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.493864059 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.595520020 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.596873045 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.596971989 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.597059965 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.639919996 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.706363916 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.706363916 CEST	50746	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.706389904 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.706394911 CEST	443	50746	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.706458092 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.706482887 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.706924915 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.706932068 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.718377113 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.718432903 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.718547106 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.719469070 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.719485998 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.807709932 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.807787895 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.807868958 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.812118053 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.812144041 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.812158108 CEST	50747	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.812164068 CEST	443	50747	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.835587978 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.835623026 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.835681915 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.835891008 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.835906982 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.847524881 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.848048925 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.848076105 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.848771095 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.848778963 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.962707996 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.962789059 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.962965012 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.963217974 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.963246107 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.963257074 CEST	50748	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.963263035 CEST	443	50748	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.967277050 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.967327118 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.967488050 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.967616081 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.967633009 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.972762108 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.973258972 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.973283052 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:29.974081039 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:29.974087954 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.024631977 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.025145054 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.025166035 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.025688887 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.025695086 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087347031 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087445021 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087574959 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.087588072 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087654114 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087711096 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.087908983 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.087924957 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.087934971 CEST	50749	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.087940931 CEST	443	50749	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.091490984 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.091526985 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.091942072 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.092139006 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.092150927 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.111855030 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.111911058 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.112049103 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.112224102 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.112245083 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.136719942 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.136753082 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.136801004 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.136804104 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.136857033 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.137511969 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.137522936 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.137533903 CEST	50750	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.137537956 CEST	443	50750	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.140662909 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.140714884 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.140774012 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.140901089 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.140921116 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.383012056 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.383655071 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.383678913 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.384072065 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.384078026 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.487804890 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.488262892 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.488291979 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.488727093 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.488733053 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.493587017 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.493626118 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.493697882 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.493830919 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.493830919 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.493870974 CEST	50751	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.493886948 CEST	443	50751	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.496983051 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.497019053 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.497148037 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.497307062 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.497318983 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.596880913 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.596950054 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.597084999 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.597229958 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.597229958 CEST	50752	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.597254038 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.597265005 CEST	443	50752	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.599976063 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.600018024 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.600135088 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.600313902 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.600338936 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.625804901 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.626504898 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.626529932 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.626980066 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.626987934 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.734738111 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.735052109 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.735105991 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.735172987 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.735172987 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.735219955 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.735241890 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.735256910 CEST	50753	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.735263109 CEST	443	50753	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.737684011 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.737728119 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.737874031 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.738014936 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.738042116 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.773375988 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.774000883 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.774014950 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.774386883 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.774404049 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.805186033 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.805808067 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.805834055 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.806411028 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.806427002 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.886168957 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.886324883 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.886395931 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.886703014 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.886703014 CEST	50754	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.886720896 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.886732101 CEST	443	50754	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.891263008 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.891299963 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.891397953 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.891535997 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.891551971 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.899123907 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.899203062 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.915770054 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.915792942 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.916021109 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.916044950 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.916069031 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.916296959 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.916313887 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.916367054 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.916450024 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.916450024 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.916481018 CEST	50756	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.916496992 CEST	443	50756	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.916574955 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.916672945 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:30.916697025 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:30.919420958 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.919456959 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:30.919564009 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.920289040 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:30.920303106 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.160676003 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.161237955 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.161254883 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.161735058 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.161740065 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.252023935 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.252470016 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.252482891 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.252959013 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.252964973 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.269995928 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.270386934 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.270433903 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.270498037 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.270561934 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.270584106 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.270596027 CEST	50757	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.270601988 CEST	443	50757	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.273102999 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.273169994 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.273428917 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.273562908 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.273581028 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.291203976 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.291657925 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.291732073 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.291801929 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.291821003 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.291831970 CEST	50755	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.291837931 CEST	443	50755	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.326412916 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.326462984 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.326549053 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.326750994 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:31.326773882 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:31.370868921 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.370898008 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.370938063 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.370958090 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.370996952 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.371213913 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.371249914 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.371278048 CEST	50758	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.371294022 CEST	443	50758	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.375406981 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.375447989 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.375905991 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.376728058 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.376749992 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.402508020 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.403188944 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.403217077 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.405149937 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.405174971 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.513849020 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.514096022 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.514280081 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.514309883 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.514309883 CEST	50759	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.514332056 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.514342070 CEST	443	50759	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.516997099 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.517050028 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.517332077 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.517332077 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.517366886 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.567639112 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.568097115 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.568131924 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.568542004 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.568548918 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.624346018 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.624752045 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.624787092 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.625266075 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.625273943 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.682924032 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.682998896 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.683056116 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.683217049 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.683238983 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.683315992 CEST	50760	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.683326006 CEST	443	50760	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.688581944 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.688621044 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.688688040 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.688857079 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.688873053 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.744551897 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.744798899 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.744884968 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.744951010 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.744981050 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.744987965 CEST	50761	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.744997025 CEST	443	50761	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.751405001 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.751446962 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.751630068 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.752048016 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:31.752059937 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:31.882764101 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:31.882800102 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:31.882925987 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:31.883378029 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:31.883399010 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:32.034729958 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.042643070 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.042687893 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.043212891 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.043222904 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.142961025 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.142985106 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.143027067 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.143105984 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.143147945 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.166043997 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.166070938 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.166081905 CEST	50762	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.166089058 CEST	443	50762	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.210160017 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:32.220309019 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.223417044 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:32.223443985 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:32.223994970 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.223994970 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.224016905 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.224040985 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.224301100 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:32.224308014 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:32.224369049 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:32.224383116 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:32.226322889 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.226362944 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.226495981 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.226627111 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.226640940 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.232212067 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.232930899 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.232973099 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.233587980 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.233593941 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.328367949 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.328481913 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.328660965 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.328706026 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.328706026 CEST	50764	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.328725100 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.328735113 CEST	443	50764	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.332451105 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.332499027 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.332734108 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.332881927 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.332906961 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.345830917 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.345958948 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.346021891 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.346029997 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.346165895 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.346309900 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.346309900 CEST	50765	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.346338987 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.346348047 CEST	443	50765	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.349108934 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.349159956 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.349256992 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.349544048 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.349560022 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.353925943 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.354295015 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.354305983 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.354835033 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.354840994 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.441440105 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.441984892 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.441998959 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.442512989 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.442519903 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.468672037 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.468842983 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.469285011 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.469495058 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.469495058 CEST	50766	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.469513893 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.469521999 CEST	443	50766	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.472453117 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.472507000 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.472964048 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.473176956 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.473191023 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.557113886 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.557339907 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.557393074 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.557410002 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.557501078 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.557501078 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.557524920 CEST	50767	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.557544947 CEST	443	50767	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.560466051 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.560528040 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.560606956 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.560765028 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.560785055 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.805565119 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:32.806756973 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:32.807413101 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:32.807424068 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:32.807696104 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:32.809559107 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:32.851408958 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:32.916784048 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.917257071 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.917275906 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.917819023 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.917829037 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.984793901 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.985311985 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.985332966 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:32.986171007 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:32.986177921 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.024848938 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.025274992 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.025321007 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.025726080 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.025737047 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.032497883 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.032748938 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.032831907 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.032864094 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.032864094 CEST	50769	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.032883883 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.032892942 CEST	443	50769	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.035589933 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.035636902 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.035718918 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.035851955 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.035865068 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.096261024 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.096677065 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.097152948 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.101417065 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.101447105 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.101471901 CEST	50770	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.101479053 CEST	443	50770	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.104646921 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.104700089 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.105062962 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.105178118 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.105190039 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.135566950 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.135634899 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.135809898 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.135859966 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.135879040 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.135885000 CEST	50771	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.135891914 CEST	443	50771	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.138408899 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.138453960 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.138797998 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.138797998 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.138864994 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.139062881 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.139097929 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.139117956 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.139161110 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.139174938 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.139240980 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.139240980 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.140161991 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.140223980 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.140254974 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.140259027 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.140384912 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.141968012 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.141990900 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.142009020 CEST	50768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 11:22:33.142015934 CEST	443	50768	4.175.87.197	192.168.2.4
Oct 7, 2024 11:22:33.161755085 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.162306070 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.162323952 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.162770033 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.162775040 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.210828066 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.211327076 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.211361885 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.211775064 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.211781979 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.272461891 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.272722960 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.272778988 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.272877932 CEST	50772	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.272901058 CEST	443	50772	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.278172970 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.278223991 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.278368950 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.278506041 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.278512955 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.318317890 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.318386078 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.318517923 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.318589926 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.318609953 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.318646908 CEST	50773	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.318654060 CEST	443	50773	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.322105885 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.322146893 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.322315931 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.322417974 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.322428942 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.688287020 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.688764095 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.688818932 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.689234018 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.689240932 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.764229059 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.764719009 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.764740944 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.765240908 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.765245914 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.794493914 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.795017958 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.795241117 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.795252085 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.796413898 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.796421051 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.797617912 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.797686100 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.797699928 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.797751904 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.797852993 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.797874928 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.797883987 CEST	50774	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.797892094 CEST	443	50774	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.800731897 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.800779104 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.800865889 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.801580906 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.801593065 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.874902010 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.875060081 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.875217915 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.875317097 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.875344992 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.875355959 CEST	50775	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.875360966 CEST	443	50775	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.877846956 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.877907038 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.877986908 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.878221989 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.878240108 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.903992891 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.904033899 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.904100895 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.904308081 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.904308081 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.904628992 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.904628992 CEST	50776	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.904648066 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.904656887 CEST	443	50776	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.908077002 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.908121109 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.908349991 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.908349991 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.908384085 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.941262960 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.941739082 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.941752911 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.942275047 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.942280054 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.987562895 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.988001108 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.988008976 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:33.988521099 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:33.988526106 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.050535917 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.051563025 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.051791906 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.051860094 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.051870108 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.051878929 CEST	50777	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.051883936 CEST	443	50777	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.054554939 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.054586887 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.054701090 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.054915905 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.054929972 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.097316980 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.097347975 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.097389936 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.097414017 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.097450018 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.097620964 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.097639084 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.097656012 CEST	50778	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.097662926 CEST	443	50778	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.100533962 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.100584984 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.100716114 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.100878954 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.100898027 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.467839956 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.512361050 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.521259069 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.521272898 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.521975994 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.521985054 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.575423956 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.593888044 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.621511936 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.624612093 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.624670982 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.624742031 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.637665987 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.671780109 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.678343058 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.678375959 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.678808928 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.678816080 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.681991100 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.681998014 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.685358047 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.685365915 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.685745001 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.685761929 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.686216116 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.686223984 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.686582088 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.686582088 CEST	50779	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.686614990 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.686628103 CEST	443	50779	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.689323902 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.689357996 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.689564943 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.689708948 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.689726114 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.711167097 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.711602926 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.711622953 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.712171078 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.712177992 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.784502029 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.784527063 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.784579039 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.784603119 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.784637928 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.784791946 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.784820080 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.784832001 CEST	50783	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.784838915 CEST	443	50783	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.787403107 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.787456989 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.788286924 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.788286924 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.788330078 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.790555954 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.790591955 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.790632010 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.790652990 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.790683985 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.790813923 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.790824890 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.790834904 CEST	50780	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.790841103 CEST	443	50780	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.791724920 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.791893005 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.792222023 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.792222023 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.792222023 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.793191910 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.793205023 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.793258905 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.793535948 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.793555975 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.793915033 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.793942928 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.794002056 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.794102907 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.794114113 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.818382978 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.818447113 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.818558931 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.818572998 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.818928957 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.818929911 CEST	50782	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.818938971 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.819195032 CEST	443	50782	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.821839094 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.821886063 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:34.821943998 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.822071075 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:34.822088957 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.090575933 CEST	50781	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.090600967 CEST	443	50781	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.340867996 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.341351986 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.341371059 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.341797113 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.341803074 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.444647074 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.445940971 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.445940971 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.445966959 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.445982933 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.449886084 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.450239897 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.450284958 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.450299025 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.450337887 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.450360060 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.450376987 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.450386047 CEST	50784	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.450393915 CEST	443	50784	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.453581095 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.453624964 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.453686953 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.453814030 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.453828096 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.462661028 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.462687016 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.463162899 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.463191986 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.463407993 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.463418007 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.463628054 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.463634014 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.464137077 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.464143991 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.477988005 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.478476048 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.478497982 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.479012966 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.479018927 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.553379059 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.553567886 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.553621054 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.553699970 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.553699970 CEST	50785	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.553726912 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.553735018 CEST	443	50785	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.556200027 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.556236982 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.556493998 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.556610107 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.556621075 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.573823929 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.573985100 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574215889 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.574276924 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.574290037 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574317932 CEST	50787	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.574323893 CEST	443	50787	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574465036 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574496984 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574536085 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.574609041 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.575115919 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.575115919 CEST	50786	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.575126886 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.575134993 CEST	443	50786	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.578154087 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578185081 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.578253031 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578365088 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578382015 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.578572035 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578608036 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.578701019 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578763008 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.578771114 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587404966 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587483883 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587537050 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.587547064 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587605953 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587661028 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.587702990 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.587714911 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.587723017 CEST	50788	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.587728024 CEST	443	50788	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.589704037 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.589742899 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:35.589818954 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.589937925 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:35.589953899 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.108937979 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.109396935 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.109410048 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.109932899 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.109937906 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.218434095 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.218684912 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.218736887 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.218838930 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.219305992 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.219321012 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.219335079 CEST	50789	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.219341040 CEST	443	50789	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.221720934 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.222450972 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.222465038 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.222918034 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.222970963 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.223047018 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.223051071 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.223052025 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.223177910 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.223196030 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.233352900 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.233690023 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.233707905 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.234087944 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.234093904 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.260448933 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.260763884 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.260799885 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.261177063 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.261183023 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.262408018 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.263156891 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.263180017 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.263509035 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.263514042 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.332237959 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.332268953 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.332321882 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.332323074 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.332384109 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.332684994 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.332707882 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.332720995 CEST	50790	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.332726955 CEST	443	50790	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.335370064 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.335413933 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.335475922 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.335675001 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.335697889 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342020988 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342099905 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342180967 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.342195034 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342217922 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342267036 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.342345953 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.342363119 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.342372894 CEST	50792	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.342377901 CEST	443	50792	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.344269991 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.344330072 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.344393969 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.344512939 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.344530106 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.373228073 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.373550892 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.373646021 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.373716116 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.373739004 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.373752117 CEST	50793	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.373758078 CEST	443	50793	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.374346018 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.374500036 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.374547005 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.374682903 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.374701023 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.374711037 CEST	50791	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.374716997 CEST	443	50791	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.375973940 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376022100 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.376137018 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376301050 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376312017 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.376354933 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376403093 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376419067 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.376497030 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.376512051 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.405941963 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:36.405977964 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:36.406064034 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:36.406347990 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:36.406363010 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:36.877763033 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.880072117 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.880115032 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.880744934 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.880753994 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.989603043 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.989658117 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.989758968 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.989989042 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.990010977 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.990021944 CEST	50794	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.990029097 CEST	443	50794	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.993361950 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.993410110 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:36.993506908 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.993688107 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:36.993699074 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.001241922 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.002209902 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.002227068 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.002629042 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.002634048 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.012995005 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.016046047 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.016058922 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.016526937 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.016532898 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.031106949 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.034591913 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.034612894 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.035156965 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.035164118 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.039623022 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.043481112 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.043808937 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.043819904 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.044461012 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.044466972 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.044749975 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.044776917 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.045151949 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.045953989 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.046020031 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.046145916 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.046164989 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.046179056 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.100785017 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.100832939 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.101237059 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.101237059 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.101274967 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.112859011 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.112936020 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.113043070 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.113045931 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.113264084 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.113279104 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.113307953 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.113312960 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.113344908 CEST	50795	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.113348961 CEST	443	50795	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.116312981 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.116374016 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.116630077 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.116630077 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.116674900 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.122267008 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.138190031 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139046907 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139123917 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139146090 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139199018 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139439106 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139441013 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139455080 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139462948 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139475107 CEST	50797	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139481068 CEST	443	50797	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.139483929 CEST	50796	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.139489889 CEST	443	50796	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.143039942 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143070936 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.143189907 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143209934 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.143230915 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143258095 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143407106 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143413067 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.143420935 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.143424034 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148565054 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148643017 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148745060 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.148749113 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148921013 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.148935080 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148945093 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.148945093 CEST	50798	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.148952007 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.148957968 CEST	443	50798	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.151335955 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.151379108 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.151459932 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.151606083 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.151621103 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.346657038 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.347003937 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.347074032 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.352572918 CEST	50799	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.352596998 CEST	443	50799	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.562160969 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.562181950 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.562199116 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.562309027 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.562330961 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.562349081 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.562401056 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.562416077 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.563283920 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.563313007 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.563325882 CEST	50763	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.563333988 CEST	443	50763	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.629618883 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.629659891 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.629739046 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.629976034 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:37.629990101 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:37.659641027 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.660187960 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.660207033 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.660902977 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.660908937 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.763966084 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.767069101 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.767373085 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.767498016 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.767514944 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.767540932 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.767611027 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.767635107 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.767647028 CEST	50800	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.767652988 CEST	443	50800	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.768179893 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.770673037 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.770724058 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.771092892 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.771138906 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.771174908 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.771290064 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.771322966 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:37.771332979 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:37.771367073 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.771377087 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.773365974 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.773755074 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.773783922 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.774333000 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.774339914 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.800764084 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.801780939 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.801809072 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.802264929 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.802272081 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.812597036 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.813041925 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.813081980 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.813601971 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.813608885 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.821598053 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.821950912 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.821971893 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.822472095 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.822478056 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.880781889 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.880863905 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.880963087 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.880976915 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.881036997 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.881247044 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.881266117 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.881277084 CEST	50802	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.881283998 CEST	443	50802	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.884562969 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.884604931 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.884706974 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.884867907 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.884879112 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.907919884 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.908293962 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.908386946 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.908425093 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.908444881 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.908456087 CEST	50804	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.908462048 CEST	443	50804	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.911582947 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.911629915 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.911761045 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.911901951 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.911916971 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.922422886 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.922499895 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.922619104 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.922625065 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.922668934 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.922875881 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.922877073 CEST	50805	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.922903061 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.922921896 CEST	443	50805	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.933470964 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.933538914 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.933599949 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.933887959 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.933907986 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.933924913 CEST	50803	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.933932066 CEST	443	50803	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.937305927 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937340021 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.937375069 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937412977 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937421083 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.937467098 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937597990 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937608004 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:37.937622070 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:37.937633991 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.070053101 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:38.070673943 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:38.070755005 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:38.071311951 CEST	50801	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:38.071333885 CEST	443	50801	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:38.343864918 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:38.343920946 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:38.343992949 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:38.344472885 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:38.344487906 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:38.427437067 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:38.428062916 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:38.428085089 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:38.428927898 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:38.428927898 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:38.428935051 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:38.428950071 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:38.450745106 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.451206923 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.451226950 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.451925039 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.451930046 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.562268972 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.562760115 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.562783957 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.563358068 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.563364983 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.564459085 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.564582109 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.564652920 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.564765930 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.564786911 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.564799070 CEST	50807	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.564805031 CEST	443	50807	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.567341089 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.567394972 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.567467928 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.567589045 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.567595959 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.571837902 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.572221994 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.572252035 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.572789907 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.572802067 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.592571974 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.593015909 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.593046904 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.593466043 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.593472958 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.596443892 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.596877098 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.596898079 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.597421885 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.597428083 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.672683001 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.672873974 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.672935963 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.673000097 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.673023939 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.673033953 CEST	50808	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.673041105 CEST	443	50808	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.675865889 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.675909042 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.675985098 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.676116943 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.676127911 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.681879997 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682148933 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682208061 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.682224035 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682267904 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682301998 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.682326078 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682339907 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.682339907 CEST	50809	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.682349920 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.682358027 CEST	443	50809	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.685480118 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.685528994 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.685596943 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.685751915 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.685769081 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.702034950 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.702105045 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.702194929 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.702424049 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.702445984 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.702466965 CEST	50810	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.702485085 CEST	443	50810	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.705605030 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.705658913 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.705759048 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.705918074 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.705934048 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.711865902 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.712304115 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.712364912 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.712383032 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.712419033 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.712460995 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.712482929 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.712496042 CEST	50811	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.712502003 CEST	443	50811	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.715204000 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.715244055 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.715413094 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.715465069 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:38.715472937 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:38.992811918 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.023220062 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.023241997 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.023286104 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.023375988 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.023396969 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.023425102 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.023674965 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.026595116 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.031879902 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.031896114 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.032267094 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.032288074 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.032320976 CEST	50806	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.032329082 CEST	443	50806	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.033488035 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.034925938 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.035095930 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.035103083 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.035120964 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.035125971 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.075404882 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.090579033 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.105178118 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.105221033 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.105357885 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.105534077 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.105540991 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.234019041 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.243110895 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.243129969 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.243623972 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.243630886 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.290514946 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.291213036 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.291238070 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.291656971 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.291662931 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.293401003 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.293744087 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.293803930 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.295037985 CEST	50812	443	192.168.2.4	142.250.185.142
Oct 7, 2024 11:22:39.295063019 CEST	443	50812	142.250.185.142	192.168.2.4
Oct 7, 2024 11:22:39.344347954 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.344806910 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.344821930 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.345361948 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.345366955 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.353590012 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.353668928 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.353820086 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.353877068 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.353893995 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.353907108 CEST	50813	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.353916883 CEST	443	50813	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.357430935 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.357474089 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.357537985 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.357707977 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.357723951 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.382798910 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.383336067 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.383353949 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.383354902 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.383611917 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.383644104 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.383892059 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.383898973 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.384037971 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.384047031 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.403557062 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.403726101 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.403791904 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.404090881 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.404115915 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.404126883 CEST	50815	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.404134989 CEST	443	50815	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.408653021 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.408694983 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.408756018 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.409064054 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.409077883 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.458973885 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.459506035 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.459696054 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.459875107 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.459896088 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.459940910 CEST	50814	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.459948063 CEST	443	50814	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.462600946 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.462652922 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.462821960 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.462878942 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.462887049 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.491765022 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.491934061 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.492088079 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.492355108 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.492355108 CEST	50817	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.492384911 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.492393017 CEST	443	50817	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.495073080 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.495120049 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.495203972 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.495359898 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.495376110 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.496191025 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.496268034 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.496371031 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.496422052 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.496949911 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.496973991 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.496988058 CEST	50816	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.496994019 CEST	443	50816	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.500227928 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.500263929 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.500335932 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.500458956 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:39.500474930 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:39.891799927 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.892337084 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.892357111 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.893018961 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.893018961 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:39.893032074 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:39.893047094 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.018975973 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.019664049 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.019695997 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.020258904 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.020267010 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.063215971 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.063754082 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.063771963 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.064308882 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.064315081 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.136560917 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.136723042 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.136790991 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.136811018 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.136842012 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.136893034 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.137412071 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.137427092 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.137481928 CEST	50819	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.137487888 CEST	443	50819	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.141561031 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.141586065 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.141685963 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.141843081 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.141858101 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.146070004 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.146557093 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.146588087 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.147018909 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.147025108 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.155375957 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.155844927 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.155858040 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.156272888 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.156277895 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.173082113 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.173351049 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.173429966 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.173496962 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.173513889 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.173525095 CEST	50820	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.173532009 CEST	443	50820	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.176374912 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.176388979 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.176568985 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.176692963 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.176708937 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.188680887 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.189331055 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.189353943 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.189799070 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.189806938 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.254607916 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.254684925 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.254748106 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.254921913 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.254940987 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.254951000 CEST	50822	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.254956007 CEST	443	50822	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.258177996 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.258224964 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.258292913 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.258493900 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.258510113 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.270236969 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.270260096 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.270339966 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.270375013 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.270411968 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.270673990 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.270693064 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.270725965 CEST	50818	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.270733118 CEST	443	50818	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.270931005 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.270994902 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.271039009 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.271048069 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.271106958 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.271229029 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.271234035 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.271245003 CEST	50821	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.271250010 CEST	443	50821	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.275413036 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.275443077 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.275538921 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.275788069 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.275799990 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.285453081 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.285487890 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.285566092 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.285774946 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:40.285790920 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:40.302324057 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.302571058 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.302632093 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.302784920 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.302803040 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.302812099 CEST	50823	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.302819967 CEST	443	50823	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.309369087 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.309411049 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.309482098 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.310029030 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.310045004 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.808063030 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.808767080 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.808799982 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.809473991 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.809494972 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.862839937 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.863491058 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.863531113 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.863950014 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.863975048 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.908855915 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.912035942 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.912055016 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.912596941 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.912602901 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.926364899 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.926466942 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.926752090 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.926934004 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.926958084 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.926971912 CEST	50825	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.926978111 CEST	443	50825	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.929389000 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.929433107 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.929514885 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.929702044 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.929714918 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.970108032 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.970520973 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.970530987 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.970936060 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.970941067 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.975402117 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.975529909 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.975579023 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.975634098 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.975703955 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.975719929 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.975730896 CEST	50826	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.975737095 CEST	443	50826	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.978307962 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.978357077 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.978439093 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.978645086 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.978662014 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.992546082 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.992917061 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.992934942 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:40.993308067 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:40.993314028 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.017147064 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.017262936 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.017376900 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.017580986 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.017612934 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.017627001 CEST	50827	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.017642975 CEST	443	50827	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.024219036 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.024265051 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.024363041 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.024485111 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.024502039 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.084316015 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:41.084897041 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.084958076 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.085398912 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:41.085426092 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.085429907 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:41.086246967 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:41.086252928 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:41.086287022 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:41.086296082 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:41.086541891 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.086561918 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.086579084 CEST	50828	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.086585999 CEST	443	50828	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.089468002 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.089509964 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.089639902 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.089808941 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.089814901 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.105508089 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.105616093 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.105662107 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.105854034 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.105854034 CEST	50830	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.105874062 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.105882883 CEST	443	50830	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.109428883 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.109468937 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.109566927 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.109695911 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.109708071 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.582956076 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.585270882 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.585285902 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.586133957 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.586138964 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.671828985 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.679888010 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.690077066 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.690248966 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.690392971 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.718198061 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.735925913 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.735974073 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.737021923 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.737056971 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.737770081 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.737787008 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.738768101 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.738775015 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.739006996 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.739006996 CEST	50831	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.739034891 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.739044905 CEST	443	50831	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.747252941 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.747292995 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.747405052 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.747636080 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.747653008 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.755760908 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.765470028 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.765513897 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.766746044 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.766781092 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.793957949 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.796719074 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.796732903 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.797785997 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.797791958 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.838399887 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.838541031 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.838609934 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.838819027 CEST	50833	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.838854074 CEST	443	50833	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.844784975 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.844829082 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.844898939 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.845063925 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.845076084 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.845153093 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.846360922 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.846445084 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.846487045 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.846504927 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.846514940 CEST	50832	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.846520901 CEST	443	50832	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.849083900 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.849097013 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.849153042 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.849375963 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.849386930 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.872714996 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.872981071 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.873086929 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.873678923 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.873718023 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.873737097 CEST	50834	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.873749971 CEST	443	50834	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.877767086 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.877810001 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.878079891 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.878079891 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.878114939 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907315016 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907433987 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907505989 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.907517910 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907562971 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907654047 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.907793999 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.907807112 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.907816887 CEST	50835	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.907823086 CEST	443	50835	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.910732985 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.910768032 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:41.910834074 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.911020041 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:41.911034107 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.046505928 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046528101 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046570063 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046642065 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.046670914 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046684027 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.046847105 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046894073 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.046973944 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.046991110 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.046999931 CEST	50829	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.047005892 CEST	443	50829	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.076103926 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.076159000 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.076239109 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.078222990 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.078238964 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.430176973 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.430706024 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.430727959 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.431212902 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.431219101 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.503693104 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.506679058 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.506726980 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.507726908 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.507733107 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.511157990 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.511619091 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.511636019 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.512104988 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.512110949 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.542814970 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.543004036 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.543128967 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.544087887 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.544087887 CEST	50836	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.544109106 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.544126034 CEST	443	50836	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.549382925 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.549426079 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.549550056 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.549802065 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.549818039 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.573100090 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.573618889 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.573641062 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.574234009 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.574239969 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.574249983 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.574750900 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.574767113 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.575292110 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.575297117 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.611639023 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.611788988 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.611855984 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.611955881 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.611990929 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.612001896 CEST	50838	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.612009048 CEST	443	50838	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.614655972 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.614690065 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.614748955 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.614891052 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.614902020 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.620801926 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.620835066 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.620879889 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.620893002 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.620919943 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.621090889 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.621104956 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.621114969 CEST	50837	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.621120930 CEST	443	50837	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.623200893 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.623241901 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.623403072 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.623550892 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.623564959 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.681854963 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.682020903 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.682117939 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.682137966 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.682148933 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.682157993 CEST	50840	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.682163000 CEST	443	50840	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.684510946 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.684565067 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.684799910 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.684937954 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.684956074 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.687695980 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.687730074 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.687777042 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.687820911 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.687849045 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.687963963 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.687980890 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.688003063 CEST	50839	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.688009024 CEST	443	50839	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.690107107 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.690121889 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.690318108 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.690486908 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:42.690500021 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:42.892580032 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.893045902 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.893078089 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.893691063 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.893691063 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:42.893704891 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:42.893728018 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.276988029 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277054071 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277096033 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277160883 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.277160883 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.277184010 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277358055 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277395010 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.277395010 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.277424097 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.277443886 CEST	50841	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.277452946 CEST	443	50841	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.300610065 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.300649881 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.300729036 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.300879955 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:43.300889969 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:43.431618929 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.432569027 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.432569027 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.432600975 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.432629108 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.434847116 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.435270071 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.436738968 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.436772108 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.437611103 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.437622070 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.437963009 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.437983990 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.438460112 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.438466072 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.441454887 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.442122936 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.442141056 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.442923069 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.442930937 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.444176912 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.444729090 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.444747925 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.445467949 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.445473909 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.539752007 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.539832115 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.540121078 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.540121078 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.540157080 CEST	50846	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.540180922 CEST	443	50846	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543247938 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543334961 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543404102 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.543662071 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.543682098 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543694973 CEST	50842	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.543701887 CEST	443	50842	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543760061 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.543816090 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.543915987 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.544030905 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.544040918 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.545448065 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.545484066 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.545531988 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.545550108 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.545593023 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.545656919 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.545667887 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.545677900 CEST	50844	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.545685053 CEST	443	50844	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.546387911 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.546417952 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.546535015 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.546806097 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.546822071 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.548357010 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.548367023 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.548500061 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.548677921 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.548687935 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.558264017 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.558325052 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.558422089 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.558547974 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.558554888 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.558588028 CEST	50845	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.558593988 CEST	443	50845	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.560787916 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.560806036 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.560868025 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.561002970 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.561014891 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.561176062 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.561235905 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.561304092 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.561410904 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.561423063 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.561444998 CEST	50843	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.561451912 CEST	443	50843	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.563600063 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.563625097 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:43.563685894 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.563846111 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:43.563857079 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.084141970 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.098994017 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.099020004 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.099440098 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.099445105 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.099474907 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.099483967 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.127398968 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.183974981 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.205776930 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.210519075 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.222233057 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.226819992 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.246414900 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.262013912 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.277626991 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.277626991 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.295753956 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.295789003 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.296196938 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.296209097 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.296447992 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.296458006 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.296865940 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.296873093 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.297230005 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.297241926 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.297868967 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.297874928 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.298150063 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.298155069 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.298587084 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.298593044 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.298856020 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.298870087 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.299247026 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.299253941 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.399712086 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.399739981 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.399801016 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.399802923 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400033951 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400079012 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400095940 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400105000 CEST	50852	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400110960 CEST	443	50852	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400271893 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400335073 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400418043 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400572062 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400592089 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400600910 CEST	50849	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400615931 CEST	443	50849	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400644064 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.400667906 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.400746107 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.401123047 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401151896 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401205063 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.401241064 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401437998 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.401437998 CEST	50850	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.401444912 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401446104 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401453972 CEST	443	50850	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.401508093 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.402489901 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.402509928 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.402647972 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.402657986 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.402721882 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.402765036 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.403037071 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.403055906 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.403068066 CEST	50848	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.403076887 CEST	443	50848	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.405355930 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.405364990 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.405376911 CEST	50851	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.405383110 CEST	443	50851	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.407269001 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.407320976 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.407427073 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.407869101 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.407877922 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.408132076 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.408277035 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.408309937 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.408353090 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.408433914 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.408448935 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.408601046 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.408615112 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.408998013 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.409012079 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.409105062 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.409146070 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.409209967 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.409308910 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.409317970 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.410116911 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.410147905 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.410211086 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.410373926 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.410387993 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.482877970 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.482947111 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.482986927 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.483019114 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.483042955 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.483138084 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.483170033 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.483592987 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.483592987 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.483618975 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.483683109 CEST	50847	443	192.168.2.4	40.126.32.134
Oct 7, 2024 11:22:44.483694077 CEST	443	50847	40.126.32.134	192.168.2.4
Oct 7, 2024 11:22:44.988245010 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.988646030 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.988667965 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:44.989109993 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:44.989116907 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.070537090 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.071043015 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.071065903 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.071441889 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.071449041 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.073106050 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.073635101 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.073652983 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.074198008 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.074204922 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.087126970 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.087526083 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.087547064 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.088140011 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.088148117 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.101485014 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.101531982 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.101615906 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.101773977 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.101797104 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.101808071 CEST	50856	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.101813078 CEST	443	50856	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.105011940 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.105046988 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.105209112 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.105375051 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.105385065 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.115503073 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.115984917 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.115993977 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.116518021 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.116522074 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179497004 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179615021 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179636002 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179665089 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.179810047 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179867983 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.179891109 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.179907084 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.179918051 CEST	50857	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.179924011 CEST	443	50857	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.180046082 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.180063963 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.180075884 CEST	50855	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.180083990 CEST	443	50855	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.183366060 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.183414936 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.183526993 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.183648109 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.183660030 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.183794022 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.183840036 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.183912992 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.184226036 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.184245110 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.200400114 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.200423002 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.200469971 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.200603962 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.200603962 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.200737000 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.200757980 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.200772047 CEST	50853	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.200778961 CEST	443	50853	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.203247070 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.203279018 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.203543901 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.203733921 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.203744888 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.231637955 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.231699944 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.231848955 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.231966972 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.231973886 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.231988907 CEST	50854	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.231992960 CEST	443	50854	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.235300064 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.235336065 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.235409021 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.235578060 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.235590935 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.762953997 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.764673948 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.764691114 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.765332937 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.765338898 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.841934919 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.844540119 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.845087051 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.845108032 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.845462084 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.845469952 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.845705986 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.845721960 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.846054077 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.846060991 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.867482901 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.868211031 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.868227959 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.868562937 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.868568897 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.872752905 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.872777939 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.872862101 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.872881889 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.872904062 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.872944117 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.872980118 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.873557091 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.873574018 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.873585939 CEST	50858	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.873591900 CEST	443	50858	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.876775980 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.876816034 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.876907110 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.877032042 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.877048969 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.896827936 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.897802114 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.897824049 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:45.898366928 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:45.898374081 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.122812033 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.122838020 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.122888088 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.122956038 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123027086 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123111010 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123135090 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123189926 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123238087 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123238087 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123400927 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123419046 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123425961 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123430967 CEST	50859	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123437881 CEST	443	50859	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123457909 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123470068 CEST	50861	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.123476982 CEST	443	50861	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123809099 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123879910 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.123925924 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.124015093 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.124015093 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.124027014 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.124073982 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126537085 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126555920 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126578093 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.126590967 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.126667976 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126818895 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126820087 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126852989 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.126952887 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.126969099 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.127974033 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.127996922 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.128011942 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.128079891 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.128098011 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.128127098 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.128177881 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.128397942 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.128418922 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.128432989 CEST	50860	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.128441095 CEST	443	50860	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129621983 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129674911 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129745960 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.129764080 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129803896 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129861116 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.129861116 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.129874945 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.129893064 CEST	50862	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.129897118 CEST	443	50862	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.131299019 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.131309986 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.131401062 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.131521940 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.131536007 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.132088900 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.132111073 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.132173061 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.132333994 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.132345915 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.561687946 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.562531948 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.562568903 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.562983036 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.562990904 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.674295902 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.674318075 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.674375057 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.674700022 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.674948931 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.674971104 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.674992085 CEST	50863	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.674998045 CEST	443	50863	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.701436043 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.701495886 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.701603889 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.704822063 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.704843998 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.783413887 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.791065931 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.791079998 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.792267084 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.792273998 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.794550896 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.797430992 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.797440052 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.797813892 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.797818899 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.806299925 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.806658983 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.806673050 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.807048082 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.807053089 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.813451052 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.813854933 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.813869953 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.814193964 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.814199924 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.892885923 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.893064022 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.893131971 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.893831968 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.893846035 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.893857956 CEST	50864	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.893863916 CEST	443	50864	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.900521994 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.900593996 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.900679111 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.900813103 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.900825977 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.904160023 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.904231071 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.904299021 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.904352903 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.904359102 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.904377937 CEST	50867	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.904381990 CEST	443	50867	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.907262087 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.907274961 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.907327890 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.907519102 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.907531977 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920308113 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920341969 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920417070 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.920433044 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920488119 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920526981 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.920593023 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.920614004 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.920624018 CEST	50865	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.920629978 CEST	443	50865	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.922905922 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.922947884 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.923012972 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.923121929 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.923139095 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.923770905 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.923943043 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.924011946 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.924032927 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.924032927 CEST	50866	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.924045086 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.924055099 CEST	443	50866	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.925862074 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.925898075 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:46.925967932 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.926081896 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:46.926090002 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.353171110 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.353705883 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.353729010 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.354144096 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.354150057 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.796967030 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.797054052 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.797122955 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.797286987 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.797302961 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.797314882 CEST	50868	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.797321081 CEST	443	50868	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.799983025 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.800024033 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.800112963 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.800246000 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.800263882 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.804105043 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.804544926 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.804580927 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.804908991 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.804915905 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.805382967 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.805780888 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.805789948 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.805989027 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.806149960 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.806154966 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.806245089 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.806252003 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.806533098 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.806689978 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.806694031 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.806773901 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.806790113 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.807118893 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.807125092 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.912563086 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.912667036 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.912728071 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.912867069 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.912894964 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.912909985 CEST	50870	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.912916899 CEST	443	50870	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.915028095 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.915184021 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.915251970 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.915312052 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.915334940 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.915355921 CEST	50872	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.915365934 CEST	443	50872	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.922086000 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.922171116 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.922269106 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.926244020 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.926259995 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:47.926286936 CEST	50871	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:47.926291943 CEST	443	50871	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.333579063 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.333671093 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.333765984 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.333787918 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.333838940 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.334059000 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.334075928 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.334095001 CEST	50869	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.334101915 CEST	443	50869	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.470181942 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.470814943 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.470844030 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.471295118 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.471301079 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.580766916 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.580838919 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.580915928 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.581131935 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.581156969 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:22:48.581171989 CEST	50873	443	192.168.2.4	13.107.253.72
Oct 7, 2024 11:22:48.581178904 CEST	443	50873	13.107.253.72	192.168.2.4
Oct 7, 2024 11:23:00.047137976 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:00.047184944 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.047348976 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:00.047682047 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:00.047696114 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.685254097 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.687413931 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:00.687438011 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.687896013 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.688405991 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:00.688606024 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:00.733670950 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:06.663722038 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:06.663764000 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:06.664081097 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:06.664081097 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:06.664124966 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.429619074 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.430130005 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.430140972 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.430511951 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.430824041 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.430882931 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.430989027 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.430989027 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.431009054 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.733645916 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.734217882 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:07.734280109 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.734568119 CEST	50876	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:07.734584093 CEST	443	50876	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:09.657366991 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:09.657396078 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:09.657469034 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:09.657804012 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:09.657820940 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.305217028 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.305664062 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.305679083 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.306073904 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.306380033 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.306447029 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.306528091 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.306546926 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.306560993 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.588016033 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:10.588083029 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:10.588165998 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:10.607008934 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.607654095 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:10.607711077 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.615232944 CEST	50878	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:10.615250111 CEST	443	50878	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:20.816549063 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.816584110 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.816740990 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.816843987 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.816883087 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.816972971 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.821939945 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.821955919 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.823555946 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.823570013 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.830452919 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.830492020 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.830607891 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.830909014 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.830924034 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.859303951 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.859344959 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.859477043 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.860176086 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.860191107 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.905797005 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.905816078 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:20.905894041 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.907195091 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:20.907210112 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.385266066 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.385337114 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.385598898 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.385684013 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.387891054 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.387986898 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439515114 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439554930 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439836025 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439836025 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439836979 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439850092 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439866066 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.439871073 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439873934 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439882994 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439888000 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.439945936 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.440164089 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.440181017 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.440222979 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.440253973 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.440253973 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.467695951 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.467796087 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.472219944 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.472228050 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.472551107 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.472564936 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.472595930 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.487395048 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.509407043 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.509480953 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.512552023 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.512557983 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.512700081 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.512706995 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.512885094 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.512943029 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.519406080 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.551058054 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.551083088 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.551096916 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.551158905 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.551158905 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.551177025 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.551198006 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.551223040 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.579279900 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.579310894 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.579329967 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.579386950 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.579396009 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.579428911 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.579451084 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.614913940 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.614948988 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.614969015 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.614985943 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.614995003 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.615015030 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.615075111 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.636949062 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.636976004 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.637207985 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.637207985 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.637217999 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.637311935 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.638627052 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.638643026 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.638788939 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.638796091 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.638940096 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.653439999 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.653466940 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.653502941 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.653533936 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.653546095 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.653585911 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.654460907 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.654469013 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.654537916 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.654546022 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.654586077 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.655045033 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.655098915 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.663079977 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.663110971 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.663160086 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.663170099 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.663191080 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.663211107 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.663969040 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.663991928 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.664036036 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.664041996 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.664071083 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.664089918 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.666591883 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.666629076 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.666702986 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.666713953 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.667561054 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.667671919 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.667681932 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.668180943 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.668313980 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.668370008 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.703435898 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.703470945 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.703531981 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.703542948 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.703593969 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.705826998 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.705851078 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.705893040 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.705899954 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.705934048 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.705960989 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.723114967 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.723155022 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.723222017 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.723246098 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.723297119 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.723297119 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.724294901 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.724318027 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.724456072 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.724456072 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.724473000 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.724558115 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.725246906 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.725265980 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.725423098 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.725438118 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.725579977 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.727001905 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.727019072 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.727056980 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.727083921 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.727122068 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.727122068 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.740433931 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.740520954 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.740547895 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.740632057 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.740963936 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.741039038 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.741046906 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.741091967 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.741669893 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.741743088 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.741748095 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.741810083 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.742568016 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.742624044 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.742630005 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.742666960 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.749861002 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.749895096 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.749944925 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.749953985 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.749972105 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.749995947 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.750844002 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.750864983 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.750924110 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.750930071 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.751024008 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.752422094 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.752443075 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.752501965 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.752506971 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.752552986 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.755306959 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.755374908 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.755389929 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.755438089 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.755875111 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.755932093 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.755939960 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.756098986 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.756660938 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.756717920 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.756726027 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.756835938 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.757436991 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.757493019 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.757499933 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.757585049 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.791558027 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.791608095 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.791647911 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.791657925 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.791692972 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.791713953 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793207884 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793232918 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793284893 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793293953 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793324947 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793356895 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793454885 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793478966 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793519020 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793524981 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.793550968 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.793570042 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.794794083 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.794816971 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.794886112 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:21.794893026 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:21.794930935 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.023545027 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.023560047 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.023591042 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.023637056 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.023649931 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.023775101 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.023775101 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.024004936 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.024027109 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.024393082 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.024400949 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.024400949 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.024416924 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.024466991 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.024487972 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.024848938 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.024867058 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025271893 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.025285006 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025341988 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.025367975 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025384903 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025443077 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.025450945 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025669098 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.025959969 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.025976896 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026040077 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026046991 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026068926 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026101112 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026112080 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026117086 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026125908 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026160002 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026165962 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026175976 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026205063 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026236057 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026290894 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026298046 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026335955 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026448965 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026506901 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026513100 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026657104 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026709080 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026714087 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026751995 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026873112 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026920080 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.026926041 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.026959896 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.027654886 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.027672052 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.027707100 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.027725935 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.027738094 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.027770996 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.027792931 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028022051 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028043032 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028079033 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028083086 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028110981 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028132915 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028433084 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028454065 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028498888 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028503895 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028537989 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028552055 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028826952 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028846979 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028893948 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028898954 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.028939009 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.028953075 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029202938 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029222965 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029256105 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029262066 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029309988 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029373884 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029577971 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029598951 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029661894 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029668093 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029695034 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029711962 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029814959 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029827118 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029906988 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029920101 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029962063 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.029968977 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.029978037 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030019045 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030045033 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030049086 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030133963 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030163050 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030220032 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030226946 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030260086 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030458927 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030519009 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030527115 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030705929 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030769110 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030776024 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.030827999 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.030936003 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031012058 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.031018019 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031064034 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.031183004 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031253099 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.031259060 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031323910 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.031409025 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031491041 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.031497955 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.031698942 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032300949 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032320976 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032349110 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032367945 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032376051 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032398939 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032469988 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032505035 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032555103 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032561064 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032614946 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032644987 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032672882 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032695055 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032701969 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032712936 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032741070 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032766104 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032795906 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032818079 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032823086 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032845974 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032864094 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032872915 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032897949 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032921076 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032927036 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.032948971 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.032962084 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.033111095 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033143044 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033184052 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.033190012 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033200979 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.033294916 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033345938 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.033353090 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033371925 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033423901 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.033430099 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.033471107 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.038806915 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.038836956 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.038883924 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.038901091 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.038938046 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.038938999 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039002895 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039064884 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039077997 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039129019 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039243937 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039259911 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039314985 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039326906 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039477110 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039501905 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039530039 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039535999 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039577961 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039849043 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039885044 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039937019 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.039943933 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.039988995 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040127039 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040232897 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040235043 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040241003 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040256023 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040293932 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040303946 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040308952 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040340900 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040364027 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040405989 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040405989 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040409088 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040410995 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040424109 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040441036 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040483952 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040550947 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040550947 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040580988 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040651083 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040803909 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040842056 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040863991 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040872097 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040899038 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040916920 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.040940046 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.040956974 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.041106939 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.041125059 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.041222095 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.041867971 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.041951895 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.041960955 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.041985989 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042004108 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042026043 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042048931 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042054892 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042067051 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042082071 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042104006 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042135000 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042138100 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042149067 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042191982 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042201042 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042206049 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042244911 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042531967 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042547941 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042589903 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042602062 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042639017 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042639017 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042706966 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042762995 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042768002 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042773008 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042826891 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042831898 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042867899 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.042938948 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.042958975 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043018103 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043024063 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043064117 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043082952 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043113947 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043145895 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043152094 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043199062 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043203115 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043203115 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043217897 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043251991 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043260098 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043283939 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043288946 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043317080 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043343067 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043442965 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043505907 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043512106 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043520927 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043576956 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043582916 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043592930 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043612957 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043622971 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043759108 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043775082 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043852091 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043879032 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043920994 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043931007 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.043956041 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043966055 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.043999910 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044019938 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044143915 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044151068 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044373989 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044378996 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044445992 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044452906 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044464111 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044492960 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044538975 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044538975 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044545889 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044563055 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044584036 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044588089 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044604063 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044635057 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044651031 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044655085 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044657946 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044672966 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044678926 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044723988 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044729948 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044749022 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.044764042 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.044847012 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045123100 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045140028 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045253992 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045289040 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045300007 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045300961 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045322895 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045331955 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045340061 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045350075 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045356035 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045377016 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045377970 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045383930 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045411110 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045416117 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045445919 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045649052 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045665026 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045733929 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045754910 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045754910 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045761108 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045768023 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045785904 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045844078 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045845032 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045861959 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045891047 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045893908 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045938015 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045945883 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045947075 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.045962095 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045969009 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.045994997 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046010017 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046011925 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046017885 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046051025 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046068907 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046163082 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046232939 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046238899 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046252966 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046313047 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046314001 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046320915 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046363115 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046405077 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046426058 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046458960 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046466112 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046514034 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046534061 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046607971 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046667099 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046674967 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046713114 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046747923 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046806097 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046813011 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046869993 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046885014 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046937943 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.046946049 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046957016 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.046972990 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047018051 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047046900 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047046900 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047064066 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047137976 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047261953 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047285080 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047326088 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047334909 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047353983 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047399998 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047467947 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047511101 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047518969 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047584057 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047599077 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047600985 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047678947 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047678947 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047693968 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047799110 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047822952 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047882080 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047885895 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047894955 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047902107 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047925949 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047947884 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047956944 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.047980070 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.047986984 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048008919 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048017025 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048017979 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048032999 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048038960 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048048973 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048068047 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048084021 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048089027 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048124075 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048125029 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048132896 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048136950 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048141956 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048186064 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048213005 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048217058 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048218966 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048223019 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048239946 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048297882 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048305035 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048335075 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048337936 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048351049 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048624039 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048641920 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048738003 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048738003 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048752069 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048788071 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048854113 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048860073 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048876047 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048909903 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.048974037 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.048981905 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049031019 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049032927 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049093008 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049123049 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049123049 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049129009 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049143076 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049154043 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049180031 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049185991 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049210072 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049218893 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049240112 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049392939 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049407959 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049453974 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049453974 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049470901 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049660921 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049722910 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049730062 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049745083 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049767017 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049771070 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049777985 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049793005 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049810886 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049815893 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049839020 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.049846888 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.049851894 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050019979 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050024986 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050035954 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050044060 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050088882 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050096035 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050121069 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050131083 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050133944 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050138950 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050165892 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050194025 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050209045 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050482988 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050551891 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050559044 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050581932 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050611019 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050616980 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.050632000 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.050672054 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.051249027 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051297903 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051311016 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.051316023 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051341057 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.051362991 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.051708937 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051729918 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051767111 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.051772118 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.051804066 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.052438021 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.052823067 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.052891016 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.052897930 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.052999973 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.053247929 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.053265095 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.053487062 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.053487062 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.053513050 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.053932905 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.055562019 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.055668116 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.055675030 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.055711985 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056051970 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056114912 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056122065 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056282997 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056540966 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056602001 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056608915 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056704044 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056713104 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056763887 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056766033 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056776047 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056797028 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056797028 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056804895 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056807995 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056826115 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056829929 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056864023 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056886911 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.056960106 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.056981087 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057034969 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057048082 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057080030 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057159901 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057216883 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057223082 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057259083 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057383060 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057435036 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057442904 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057558060 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057720900 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057759047 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057796001 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057805061 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057821035 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057841063 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057847977 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057867050 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057951927 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057960033 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.057960033 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.057967901 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058032036 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058033943 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058043957 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058052063 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058052063 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058080912 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058106899 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058110952 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058187008 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058207035 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058239937 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058245897 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058274984 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058279991 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058290005 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058346033 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058418036 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058424950 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058458090 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058511972 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058518887 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058767080 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058800936 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058830023 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058836937 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.058865070 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058867931 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058887959 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.058983088 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059035063 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059036970 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059046030 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059083939 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059101105 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059104919 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059154034 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059170008 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059178114 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059207916 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059214115 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059242964 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059252024 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059262037 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059289932 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059314966 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059320927 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059351921 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059370995 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059535980 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059604883 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059612036 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059624910 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059627056 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059653044 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059689999 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059695005 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059699059 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059721947 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059726000 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.059751034 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.059786081 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060008049 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060036898 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060059071 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060100079 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060107946 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060122013 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060141087 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060152054 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060161114 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060163021 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060177088 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060182095 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060213089 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060218096 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060250044 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060275078 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060280085 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060280085 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060291052 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060321093 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060333014 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060364008 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060368061 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060379982 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060408115 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060559034 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060585022 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060616970 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060623884 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060650110 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060668945 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.060950041 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.060967922 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.061013937 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.061021090 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.061055899 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.061074018 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.061481953 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.061503887 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.061553001 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.061558962 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.061578035 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.061619043 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.069710016 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.069729090 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.069844007 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.069864035 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.069957018 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.069987059 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070111036 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070111036 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070132971 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070317984 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070334911 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070470095 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070470095 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070491076 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070692062 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070713043 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070743084 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070760965 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.070812941 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070812941 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.070930004 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071012974 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071027994 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071208000 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071211100 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071223974 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071242094 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071270943 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071412086 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071420908 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071501017 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071584940 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071599960 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071650982 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071665049 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071741104 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071873903 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071888924 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071950912 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.071966887 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.071983099 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.072138071 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.087872982 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.087969065 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.087981939 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088056087 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088126898 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088181973 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088187933 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088227987 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088351965 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088402987 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088408947 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088444948 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088644028 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088701963 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088706970 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088743925 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.088937998 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.088998079 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089004040 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089052916 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089327097 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089437008 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089442968 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089481115 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089515924 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089564085 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089569092 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089600086 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089704990 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089760065 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.089765072 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.089809895 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090204000 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090265989 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090270996 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090347052 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090378046 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090383053 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090405941 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090430975 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090521097 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090573072 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090578079 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090620041 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090831995 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090883017 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.090888023 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.090930939 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091064930 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091126919 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091133118 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091165066 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091485023 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091543913 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091550112 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091593981 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091695070 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091747999 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.091753006 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.091886044 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.100866079 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.100903988 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.100944042 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.100956917 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.100980043 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101001978 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101181030 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101202011 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101246119 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101253033 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101277113 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101294994 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101794958 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101826906 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101861954 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101869106 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.101896048 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.101913929 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102281094 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102302074 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102359056 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102364063 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102385998 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102404118 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102803946 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102824926 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102874041 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102879047 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.102905035 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.102927923 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.103382111 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.103411913 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.103461027 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.103466034 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.103493929 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.103508949 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.103913069 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.103935957 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.103996992 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.104002953 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.104034901 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.104377985 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.104397058 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.104432106 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.104437113 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.104494095 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.109137058 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.109242916 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.109258890 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.109457970 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.109532118 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.109543085 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.109716892 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110102892 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110188961 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110196114 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110297918 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110356092 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110363007 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110404968 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110651970 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110713959 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110723019 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110797882 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110806942 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110832930 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110866070 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110886097 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.110889912 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.110975981 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111035109 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111042976 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111110926 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111155987 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111215115 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111222982 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111368895 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111418962 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111418962 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111427069 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111701965 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111768007 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111777067 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111835957 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111896038 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.111903906 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.111944914 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112046957 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112107038 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112116098 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112179995 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112236977 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112243891 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112390995 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112421989 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112493038 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112498999 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112545013 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112546921 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112569094 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112601042 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112621069 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112624884 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112663031 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.112669945 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.112685919 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.113909960 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.113924026 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.113972902 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.128863096 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.128985882 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.129003048 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.129040003 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.129045010 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.129084110 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146194935 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146239042 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146330118 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146342993 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146394014 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146433115 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146502018 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146529913 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146562099 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146574020 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.146612883 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.146634102 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.147058964 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147088051 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147135973 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.147142887 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147183895 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.147619963 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147646904 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147742033 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.147751093 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.147854090 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.148101091 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148127079 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148171902 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.148180008 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148235083 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.148260117 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.148657084 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148683071 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148756981 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.148763895 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.148812056 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.149035931 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.149065018 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.149111986 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.149117947 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.149185896 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157437086 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157506943 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157650948 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157650948 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157671928 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157695055 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157721996 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157752991 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157763958 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.157826900 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157826900 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.157990932 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.158027887 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.158075094 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.158085108 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.158102989 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.158123970 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.158123970 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.158206940 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.160196066 CEST	50883	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.160226107 CEST	443	50883	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.164397955 CEST	50884	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.164431095 CEST	443	50884	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186558008 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186597109 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186707973 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.186718941 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186732054 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.186770916 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.186840057 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186886072 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186913013 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.186918974 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186929941 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.186952114 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.186981916 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.187001944 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.196297884 CEST	50886	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.196312904 CEST	443	50886	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197575092 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197655916 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.197673082 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197712898 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.197808027 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197870016 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.197876930 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197902918 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197931051 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.197937965 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.197964907 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.197993040 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198028088 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198148966 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198151112 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198167086 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198201895 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198210001 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198379993 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198683023 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198740005 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198746920 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198769093 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198800087 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198806047 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198833942 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198863983 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198888063 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198893070 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.198904037 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198934078 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.198936939 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.199109077 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.211651087 CEST	50882	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.211669922 CEST	443	50882	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235161066 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235198975 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235238075 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.235245943 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235291004 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.235312939 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.235613108 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235639095 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235675097 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.235682011 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.235709906 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.235729933 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.236283064 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236308098 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236352921 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.236360073 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236403942 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.236726046 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236737013 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236785889 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.236793041 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.236819029 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.236838102 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.237349033 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.237374067 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.237428904 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.237435102 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.237468004 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.237490892 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.237833023 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.237858057 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.237976074 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.237983942 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.238027096 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.238387108 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.238413095 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.238451004 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.238457918 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.238485098 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.238503933 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.276384115 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.276421070 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.276465893 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.276477098 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.276510954 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.276541948 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.323755980 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.323849916 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.323868036 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.323935032 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.323968887 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:22.324132919 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.447437048 CEST	50885	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:22.447454929 CEST	443	50885	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.149662971 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.149710894 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.149770975 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.150583029 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.150608063 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.696774006 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.696893930 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.697421074 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.697426081 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.698040009 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.698057890 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.804131031 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.804157019 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.804219007 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.804286003 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.804286003 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.804286003 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.804301977 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.804357052 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.885550976 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.885575056 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.885828018 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.885845900 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.885890007 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.889319897 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.889338017 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.889391899 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.889400959 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.889534950 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.972021103 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.972048044 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.972148895 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.972168922 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.972980976 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.973004103 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.973012924 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.973026991 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.973090887 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.973840952 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.974091053 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.974116087 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.974186897 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.974199057 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.974227905 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.974411011 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.976125956 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.976146936 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.976545095 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:23.976556063 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:23.976720095 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.058072090 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.058197975 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.058207989 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.058276892 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.058613062 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.058636904 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.058685064 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.058691978 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.058970928 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.058970928 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.059740067 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.059758902 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.059900999 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.059910059 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.060266018 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.060859919 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.060878992 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.061038017 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.061045885 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.061222076 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.061980963 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.061997890 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.062036991 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.062048912 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.062093973 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.062093973 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.062599897 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.062618017 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.062709093 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.062716961 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.062969923 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.143409967 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.143430948 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.143546104 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.143546104 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.143558979 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.143776894 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.143863916 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.143877983 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.143991947 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.143991947 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.144004107 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.144114971 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.144593954 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.144608974 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.144750118 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.144750118 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.144762039 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.144901037 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.145189047 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145203114 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145256042 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.145263910 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145514011 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145533085 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145565987 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.145565987 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.145575047 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.145596981 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.145658016 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146357059 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146369934 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146424055 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146446943 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146486044 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146486044 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146524906 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146539927 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146579027 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146585941 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.146692991 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.146692991 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.152126074 CEST	50875	443	192.168.2.4	142.250.185.196
Oct 7, 2024 11:23:24.152157068 CEST	443	50875	142.250.185.196	192.168.2.4
Oct 7, 2024 11:23:24.191557884 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.191577911 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.191685915 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.191705942 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.191761017 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.229931116 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.229948997 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230041981 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230115891 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230115891 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230130911 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230216026 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230510950 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230525970 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230643034 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230652094 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.230854988 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230854988 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.230989933 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.231014013 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.231085062 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.231085062 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.231092930 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.231197119 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.234694958 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.234714031 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.234858990 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.234865904 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235090017 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235107899 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235162973 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235174894 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235198975 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235198975 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235387087 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235459089 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235474110 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235551119 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235551119 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.235560894 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.235599041 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.277534008 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.277549982 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.277672052 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.277689934 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.277770996 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316127062 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316144943 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316199064 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316212893 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316262007 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316318035 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316318035 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316329002 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316390991 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316428900 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316445112 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316492081 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316500902 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316526890 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316706896 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316777945 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316795111 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316907883 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.316915035 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.316968918 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317110062 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317126989 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317173004 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317179918 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317236900 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317236900 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317312002 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317327023 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317375898 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317384005 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317400932 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317437887 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:24.317450047 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.317502975 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.334356070 CEST	50887	443	192.168.2.4	150.171.27.10
Oct 7, 2024 11:23:24.334378958 CEST	443	50887	150.171.27.10	192.168.2.4
Oct 7, 2024 11:23:37.205230951 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.205291033 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.205349922 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.207113981 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.207129002 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.840826035 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.841376066 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.841404915 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.842525005 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.842943907 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.843013048 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:37.843116045 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.843133926 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:37.843146086 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:38.054114103 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:38.054855108 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:38.054934025 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:38.055232048 CEST	50889	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:38.055255890 CEST	443	50889	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:39.721194029 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:39.721232891 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:39.721391916 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:39.721771002 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:39.721786022 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.373857975 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.374562979 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.374603987 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.374970913 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.375350952 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.375426054 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.375514030 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.375555992 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.375564098 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.672105074 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.673774958 CEST	443	50890	142.250.186.110	192.168.2.4
Oct 7, 2024 11:23:40.673875093 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.674010038 CEST	50890	443	192.168.2.4	142.250.186.110
Oct 7, 2024 11:23:40.674025059 CEST	443	50890	142.250.186.110	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 11:21:54.880464077 CEST	53	50781	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:55.904882908 CEST	53	55159	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:55.985491037 CEST	54064	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:55.988569975 CEST	60611	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:55.992130041 CEST	53	54064	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:55.995439053 CEST	53	60611	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:56.126683950 CEST	53	50559	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:57.051956892 CEST	58195	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:57.052192926 CEST	53275	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:57.059351921 CEST	53	58195	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:57.059446096 CEST	53	53275	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:57.096487045 CEST	53	59241	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:59.987911940 CEST	63022	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:59.988198996 CEST	55949	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:21:59.995062113 CEST	53	63022	1.1.1.1	192.168.2.4
Oct 7, 2024 11:21:59.995078087 CEST	53	55949	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:02.504790068 CEST	53	54717	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:04.996973038 CEST	49337	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:22:04.997353077 CEST	59902	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:22:05.003942013 CEST	53	49337	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:05.004829884 CEST	53	59902	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:06.204515934 CEST	51973	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:22:06.204689980 CEST	56515	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:22:06.211749077 CEST	53	51973	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:06.214845896 CEST	53	56515	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:08.126863956 CEST	53	64971	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:14.020112038 CEST	53	53706	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:33.102570057 CEST	53	60840	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:55.541115999 CEST	53	53874	1.1.1.1	192.168.2.4
Oct 7, 2024 11:22:56.108140945 CEST	53	64386	1.1.1.1	192.168.2.4
Oct 7, 2024 11:23:06.656080008 CEST	58787	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:23:06.656220913 CEST	60481	53	192.168.2.4	1.1.1.1
Oct 7, 2024 11:23:06.663091898 CEST	53	58787	1.1.1.1	192.168.2.4
Oct 7, 2024 11:23:06.663130045 CEST	53	60481	1.1.1.1	192.168.2.4
Oct 7, 2024 11:23:07.433470964 CEST	53	61742	1.1.1.1	192.168.2.4
Oct 7, 2024 11:23:24.159796000 CEST	53	64480	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 11:21:55.985491037 CEST	192.168.2.4	1.1.1.1	0x50c6	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:55.988569975 CEST	192.168.2.4	1.1.1.1	0x75aa	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 11:21:57.051956892 CEST	192.168.2.4	1.1.1.1	0xd3f7	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.052192926 CEST	192.168.2.4	1.1.1.1	0xb9f	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 11:21:59.987911940 CEST	192.168.2.4	1.1.1.1	0x4757	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:59.988198996 CEST	192.168.2.4	1.1.1.1	0xe70c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 11:22:04.996973038 CEST	192.168.2.4	1.1.1.1	0x9be7	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:22:04.997353077 CEST	192.168.2.4	1.1.1.1	0x4700	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 11:22:06.204515934 CEST	192.168.2.4	1.1.1.1	0x9046	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:22:06.204689980 CEST	192.168.2.4	1.1.1.1	0x2121	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 11:23:06.656080008 CEST	192.168.2.4	1.1.1.1	0x1903	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:23:06.656220913 CEST	192.168.2.4	1.1.1.1	0x3c27	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 11:21:55.992130041 CEST	1.1.1.1	192.168.2.4	0x50c6	No error (0)	youtube.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:55.995439053 CEST	1.1.1.1	192.168.2.4	0x75aa	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059351921 CEST	1.1.1.1	192.168.2.4	0xd3f7	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059446096 CEST	1.1.1.1	192.168.2.4	0xb9f	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:21:57.059446096 CEST	1.1.1.1	192.168.2.4	0xb9f	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 11:21:59.995062113 CEST	1.1.1.1	192.168.2.4	0x4757	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:21:59.995078087 CEST	1.1.1.1	192.168.2.4	0xe70c	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 11:22:05.003942013 CEST	1.1.1.1	192.168.2.4	0x9be7	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:22:05.003942013 CEST	1.1.1.1	192.168.2.4	0x9be7	No error (0)	www3.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:22:05.004829884 CEST	1.1.1.1	192.168.2.4	0x4700	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:22:06.211749077 CEST	1.1.1.1	192.168.2.4	0x9046	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:23:06.663091898 CEST	1.1.1.1	192.168.2.4	0x1903	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

youtube.com

www.youtube.com

fs.microsoft.com

otelrules.azureedge.net

https:

accounts.youtube.com

play.google.com

www.google.com

tse1.mm.bing.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:21:53 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DAMwOOzTRRVX+Tw&MD=BRTKKwKf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 09:21:53 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c80913d5-26be-450f-b7eb-d7a59c129a37 MS-RequestId: b5cc16cb-f82a-41ee-a6dd-cdeb99695438 MS-CV: X8jUOLt7kUmycqxQ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 09:21:52 GMT Connection: close Content-Length: 24490
2024-10-07 09:21:53 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 09:21:53 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	50552	142.250.186.78	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:21:56 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:21:57 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 09:21:56 GMT Date: Mon, 07 Oct 2024 09:21:56 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Content-Security-Policy: require-trusted-types-for 'script' Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	50558	142.250.185.206	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:21:57 UTC	869	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:21:58 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 09:21:57 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 09:51:57 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=6IJQgEwO8w4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=7pSsw5WjbWg; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 09:21:57 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgYA%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 09:21:57 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	50565	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:01 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 09:22:01 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=199421 Date: Mon, 07 Oct 2024 09:22:01 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	50567	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:02 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 09:22:02 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=199356 Date: Mon, 07 Oct 2024 09:22:02 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 09:22:02 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.4	50578	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:04 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:04 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:04 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092204Z-r154656d9bckpfgl7fe14swubc0000000edg00000000488k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:04 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 09:22:05 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50579	172.217.18.14	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:05 UTC	1216	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-743616949&timestamp=1728292924292 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:05 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-RLRHPjOZVxscQy9CnkTHWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 09:22:05 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw0pBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh2Pvhb4dbAIdHbemMCvpJeUXxmempOaVZJZUpuTnJmbmJefnZ2emFhenFpWlFsUbGRiZGFgaWeoZWMQXGAAAwlstBA" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 37 36 31 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 52 4c 52 48 50 6a 4f 5a 56 78 73 63 51 79 39 43 6e 6b 54 48 57 77 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7615<html><head><script nonce="RLRHPjOZVxscQy9CnkTHWw">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 09:22:05 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 09:22:06 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 09:22:06 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50586	13.107.253.72	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:06 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-r154656d9bclhnqxthdkb0ps8000000007qg00000000ccvv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:06 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	50583	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: b4e56b29-201e-0000-2178-18a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-1767f7688dcqrzlg5y6mnvesus000000013g00000000bwe3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:06 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	50585	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:06 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: ec1acd5e-601e-00ab-3736-1666f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-r154656d9bcvjnbgheqhz2uek80000000rzg000000004kge x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:06 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	50584	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:06 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-r154656d9bc7mtk716cm75thbs0000000rs00000000016fe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:06 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	50582	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:06 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 265a1445-001e-00a2-25c7-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-1767f7688dcv97m7bx1m7utdsg00000000sg000000006h0u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:06 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	50589	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-r154656d9bcwbfnhhnwdxge6u00000000680000000003rpx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50592	142.250.185.142	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:07 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 09:22:07 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	50590	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-1767f7688dcdvjcfkw13t1btbs0000000s10000000005fgd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50591	142.250.185.142	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:07 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 09:22:07 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	50593	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:06 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 7e689a47-601e-0002-7978-18a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092206Z-1767f7688dc9s2cg0vz2a9g5ms0000000170000000001fq4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	50594	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-r154656d9bcjfw87mb0kw1h2480000000e7g000000008zpf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	50595	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:06 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-r154656d9bckpfgl7fe14swubc0000000ed0000000004uxw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	50596	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: cc223d3c-501e-008f-0ec7-179054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-r154656d9bc5qmxtyvgyzcay0c0000000ebg000000005md9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	50597	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-r154656d9bcn4d55dey6ma44b00000000eeg0000000029nn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	50600	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-1767f7688dcdss7lwsep0egpxs0000000rr0000000008gw0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	50602	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-1767f7688dc5plpppuk35q59aw0000000rt0000000007yuh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	50601	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:07 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 53cb037b-d01e-002b-6f04-1825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092207Z-r154656d9bclhnqxthdkb0ps8000000007ug00000000602f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:07 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50604	142.250.185.142	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:07 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:07 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 39 32 39 32 35 33 36 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728292925366",null,null,null
2024-10-07 09:22:08 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=taYUWXWquW0JwTji3WQC1_cHTEUbnoVCJBEq_8DMSmg6qMNCqkvwaynmDoerwnhot1t1-iNhZmYAkksZh_A3MMjo5buyH_SYt0ufnl9CmkJHY09g2_FYsoHr9s8STvJ0t1KSMja-eHWOJp--ywzFiQmyEzM9nrH_mL8ZVQHrjAep_mvgy1E; expires=Tue, 08-Apr-2025 09:22:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 09:22:08 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 09:22:08 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 09:22:08 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 09:22:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50605	142.250.185.142	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:08 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 39 32 39 32 35 34 39 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728292925496",null,null,null
2024-10-07 09:22:08 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=LI4jow8sM1kJrvTM12wZygg5AvlLxuoPirbTvJhQ69r8hLNL4eLOyDDZGnKRAJu2xlWiXSNkGOiV9PmEGBKoA8ZGYZkD1i1a7qoy8w9tWIwXU8vQz0RunWHMz4VQFgvQ-XBq5yrbRB1gKH2X7g8DMxfVBFT-NmUhGsER4zPhOoRbj5D5dsI; expires=Tue, 08-Apr-2025 09:22:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 09:22:08 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 09:22:08 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 09:22:08 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 09:22:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50563	142.250.185.196	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	1017	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 09:22:08 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 09:01:27 GMT Expires: Tue, 15 Oct 2024 09:01:27 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 1241 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 09:22:08 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 09:22:08 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 09:22:08 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 09:22:08 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 09:22:08 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	50606	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:08 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 77844cee-a01e-0032-35c7-171949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092208Z-1767f7688dcjgr4ssr2c6t2x2s0000000rz000000000daub x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:08 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	50607	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:08 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: dae66c3e-d01e-0066-08a4-15ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092208Z-1767f7688dc5plpppuk35q59aw0000000rwg0000000018mm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:08 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	50608	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:08 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092208Z-r154656d9bcfd2bs2ymcm7xz980000000ec0000000005deg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	50609	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:08 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 348a4018-801e-0078-54c7-17bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092208Z-1767f7688dcvlhnc8mxy0v1nqw00000002xg00000000593d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:08 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	50611	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:08 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:08 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 337d02d6-201e-0003-1678-18f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092208Z-1767f7688dczvnhxbpcveghk5g0000000be0000000001t2h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:08 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	50612	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:09 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:09 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092209Z-1767f7688dczvnhxbpcveghk5g0000000b7g00000000c9pz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	50613	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:09 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:09 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: eee776c4-301e-001f-2622-16aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092209Z-r154656d9bcvjnbgheqhz2uek80000000rzg000000004kky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	50615	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:09 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:09 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:09 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: a818c6dc-b01e-005c-0236-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092209Z-r154656d9bczc24jcy1csnb0es0000000290000000001e44 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:09 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	50614	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:09 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:09 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:09 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092209Z-1767f7688dcxfh5bcu3z8cgqmn0000000s3g000000007ywd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:09 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	50616	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:09 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:09 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092209Z-1767f7688dc97m2se6u6hv466400000007rg000000001zzv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:09 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	50619	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: c50e19a0-201e-003f-7304-186d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bczbzfnyr5sz58vdw0000000eag000000007smz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	50620	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 07aac232-401e-0083-10c7-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-1767f7688dcxs7gvbd5dcgxeys0000000rqg000000001hen x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	50621	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: e44feb8c-a01e-0084-742d-169ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bcdp2lt7d5tpscfcn0000000s20000000002hfm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	50622	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-1767f7688dcxfh5bcu3z8cgqmn0000000s600000000038zm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	50623	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 5e6d03be-001e-0014-0a36-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bcwd5vj3zknz7qfhc000000070g000000008vd6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	50624	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bczbzfnyr5sz58vdw0000000e9g0000000098k1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	50625	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:10 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bc94jg685tuhe75qw0000000e8g00000000a0fa x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	50627	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092210Z-r154656d9bc27nzfvdqr2guqt000000001ng0000000084sz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	50626	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:10 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-1767f7688dc2kzqgyrtc6e2gp40000000rrg000000006wa2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	50628	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:11 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-r154656d9bc2dpb46dmu3uezks0000000e8000000000bkvd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	50629	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:11 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: c4ad759c-701e-0001-2422-16b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-r154656d9bclprr71vn2nvcemn0000000ru000000000aq9p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	50630	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:11 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-1767f7688dcddqmnbcgcfkdk6s00000003kg000000002ss1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50632	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:11 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-r154656d9bc6kzfwvnn9vvz3c400000005c000000000byxe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50633	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:11 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:11 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092211Z-1767f7688dc7bfz42qn9t7yq500000000rzg000000001syp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:11 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50635	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:12 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:12 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: ed9c017d-601e-000d-3e22-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092212Z-r154656d9bcc2bdtn1pd2qfd4c0000000rwg000000004b2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:12 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	50637	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:12 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092212Z-1767f7688dcdss7lwsep0egpxs0000000rrg000000007c6g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:12 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	50636	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:12 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: cbb781ac-501e-0047-14a6-15ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092212Z-1767f7688dcr9sxxmettbmaaq40000000s1g000000004uu4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:12 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	50638	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:12 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 738079d0-501e-00a3-3dc7-17c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092212Z-1767f7688dcxjm7c0w73xyx8vs0000000s20000000006pyn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:12 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	50639	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:12 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:12 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092212Z-r154656d9bclprr71vn2nvcemn0000000rv00000000098pa x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:12 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	50640	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:12 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 75858473-001e-000b-318c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-1767f7688dc2kzqgyrtc6e2gp40000000rtg00000000300c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	50642	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:13 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: cc687b4d-101e-0079-45b6-155913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-r154656d9bcc4snr2sy7ntt13c0000000b900000000067mf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	50641	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:13 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 1513c2df-001e-0017-1f9e-150c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-1767f7688dcrppb7pkfhksct680000000rq00000000010hn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	50643	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:13 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-1767f7688dc9s2cg0vz2a9g5ms000000013g0000000086ax x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	50644	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:13 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 4d501e36-901e-0029-1978-18274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-1767f7688dcvlhnc8mxy0v1nqw00000002yg00000000348w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	50646	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:13 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:13 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:13 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 3883747d-501e-008c-279e-15cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092213Z-r154656d9bcvjnbgheqhz2uek80000000rw0000000009v66 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:13 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	50647	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-r154656d9bc7mtk716cm75thbs0000000rsg000000000nbr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	50648	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-r154656d9bcc2bdtn1pd2qfd4c0000000ry0000000001m36 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	50650	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-1767f7688dc97m2se6u6hv466400000007qg000000003xdt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	50649	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-1767f7688dcddqmnbcgcfkdk6s00000003cg00000000b7qs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	50651	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 7a9ad003-b01e-0053-6d8c-18cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-1767f7688dcvp2wzdxa8717z30000000049g00000000dqu7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	50653	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: bf719889-501e-00a0-2c78-189d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-1767f7688dcdss7lwsep0egpxs0000000rtg000000003ru8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	50652	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:14 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:14 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 53cf1937-f01e-0096-0fc7-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092214Z-1767f7688dc7zpf96gw2vqtm3c00000000eg000000001gdc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:14 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50654	142.250.185.142	443	6768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:14 UTC	1299	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=LI4jow8sM1kJrvTM12wZygg5AvlLxuoPirbTvJhQ69r8hLNL4eLOyDDZGnKRAJu2xlWiXSNkGOiV9PmEGBKoA8ZGYZkD1i1a7qoy8w9tWIwXU8vQz0RunWHMz4VQFgvQ-XBq5yrbRB1gKH2X7g8DMxfVBFT-NmUhGsER4zPhOoRbj5D5dsI
2024-10-07 09:22:14 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 32 39 32 39 32 33 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728292923000",null,null,null,
2024-10-07 09:22:15 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=q0XHfADBGElXTM07yVcoUPomu-9_k6tSWUM-JfrZCiLKTRmXIqJndWkaWztaeNlc7ZdhhkSaJqQg9leEewXS6vp6LgB8o2jkKqnx6aMYfsEcIKEabFUHUnFfiLhl-39jpH1ZjJPza73R0CtZ1eJ4jtnGJP5rmnc53f58wTjKF0EAoA4EH3UAkBMQCYE; expires=Tue, 08-Apr-2025 09:22:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 09:22:15 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 09:22:15 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 09:22:15 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 09:22:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	50656	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-1767f7688dcr9sxxmettbmaaq40000000rxg00000000b7fy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	50655	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 38660718-101e-000b-6724-185e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-r154656d9bc7mtk716cm75thbs0000000rsg000000000ncz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	50657	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 7d6f734e-e01e-0071-31a4-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-r154656d9bcdp2lt7d5tpscfcn0000000ry0000000008wbr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	50658	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 1d80fa4c-901e-0083-607e-18bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-1767f7688dc2kzqgyrtc6e2gp40000000rv00000000009hk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	50659	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-r154656d9bckpfgl7fe14swubc0000000eag000000008v27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	50661	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-r154656d9bcx62tnuqgh46euy400000007x0000000005y7m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	50660	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:15 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:15 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:15 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 8abd529a-301e-001f-5f78-18aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092215Z-1767f7688dcqrzlg5y6mnvesus000000015g000000008kw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:15 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	50662	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:16 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:16 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:16 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: e1dbe94c-b01e-0021-72a4-15cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092216Z-r154656d9bcjfw87mb0kw1h2480000000e7000000000aafr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:16 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	50664	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:16 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:16 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 360ff137-701e-0098-1c78-18395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092216Z-1767f7688dccbx4fmf9wh4mm3c0000000rm0000000005pvq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:16 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	50663	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:16 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:16 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:16 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: a0476a89-101e-0028-4bc7-178f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092216Z-r154656d9bcpnqc46yk454phh800000003mg000000003r83 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:16 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	50665	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:16 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:16 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092216Z-1767f7688dc6trhkx0ckh4u3qn0000000s2000000000baea x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:16 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	50666	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:16 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:16 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:16 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 2c636da2-401e-0047-0afb-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092216Z-r154656d9bcclz9cswng83z0t00000000acg000000009mqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:16 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	50667	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 2888ff52-c01e-008e-229c-157381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-r154656d9bcpkd87yvea8r1dfg0000000ds000000000cu56 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	50668	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-1767f7688dck2l7961u6s0hrtn0000000s00000000006x71 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	50669	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 012726c1-901e-00a0-16c7-176a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-1767f7688dc7bfz42qn9t7yq500000000rt000000000cf9m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	50670	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: ea18a89c-b01e-001e-2d22-160214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-r154656d9bcc2bdtn1pd2qfd4c0000000rtg00000000a22s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	50671	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 488e22d8-201e-003c-6178-1830f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-1767f7688dcdss7lwsep0egpxs0000000rtg000000003ry8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	50672	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 851bd0ea-b01e-0001-2cc7-1746e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-1767f7688dc7bfz42qn9t7yq500000000rwg000000006y4g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	50673	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:17 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:17 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092217Z-1767f7688dcqrzlg5y6mnvesus000000013g00000000bwxh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:17 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	50674	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:17 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-r154656d9bcv7txsqsufsswrks0000000ebg00000000446d x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	50675	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dc5plpppuk35q59aw0000000ru0000000005a8e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	50676	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: ca3756a4-801e-0048-15c7-17f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dc5std64kd3n8sca4000000087g00000000b49k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	50678	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dcsjpdx60gbb8v42g0000000b5g000000006fq0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	50677	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: ef3d2b9b-501e-008f-674f-179054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dcvlhnc8mxy0v1nqw00000002t000000000cd5e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	50679	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:18 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dczvnhxbpcveghk5g0000000b8g00000000c88u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:18 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	50680	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:18 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092218Z-1767f7688dc97m2se6u6hv466400000007n0000000008581 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	50681	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:18 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 7afec079-601e-000d-468c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-r154656d9bcrxcdc4sxf91b6u400000008mg000000006h74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	50682	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:19 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 3acf1156-e01e-0052-60c7-17d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-1767f7688dcdss7lwsep0egpxs0000000ru0000000002rxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	50683	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:19 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 36849978-001e-000b-119c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-r154656d9bcmxqxrqrw0qrf8hg0000000arg000000001dcy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	50684	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:19 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-1767f7688dcdss7lwsep0egpxs0000000ru0000000002rxz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	50685	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:19 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-r154656d9bc5gm9nqxzv5c87e8000000058g00000000buuf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	50686	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:19 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:19 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 07aacdb1-401e-0083-73c7-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092219Z-1767f7688dcvlhnc8mxy0v1nqw00000002xg0000000059cm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:19 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	50687	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:20 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:20 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092220Z-1767f7688dcdvjcfkw13t1btbs0000000s2g000000002ww5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:20 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	50688	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:20 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:20 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092220Z-r154656d9bcpnqc46yk454phh800000003h00000000088wa x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:20 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	50689	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:20 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:20 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092220Z-r154656d9bcv7txsqsufsswrks0000000e7000000000cefq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:20 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	50690	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:20 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092220Z-r154656d9bcwbfnhhnwdxge6u0000000063g00000000aqnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:20 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	50691	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:20 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: e8c58a57-d01e-0065-7e78-18b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092220Z-1767f7688dcnw9hfer0bd0kh1g000000022g0000000096dp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:20 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	50692	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:20 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-r154656d9bctbqfcgmyvqx3k100000000eag000000004wmw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	50693	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: dae695f2-d01e-0066-14a4-15ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-r154656d9bcp2td5zh846myygg0000000rvg000000008nnq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	50694	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-1767f7688dcxjm7c0w73xyx8vs0000000ry000000000c4qw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	50695	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 740c0569-801e-008c-7378-187130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-1767f7688dcvp2wzdxa8717z3000000004ag00000000b5hu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	50696	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 2fb43ddb-b01e-0070-339e-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-1767f7688dc97m2se6u6hv466400000007sg0000000002hd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	50697	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-r154656d9bc6kzfwvnn9vvz3c400000005cg00000000bnvx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	50698	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-r154656d9bc5gm9nqxzv5c87e800000005ag000000008vpk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	50699	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:21 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:21 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:21 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092221Z-1767f7688dc7bfz42qn9t7yq500000000rwg000000006yb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:21 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	50700	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d5bde9b-e01e-0071-239c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-r154656d9bclprr71vn2nvcemn0000000ru000000000aqn9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	50701	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 71d081b4-b01e-001e-5dc7-170214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-1767f7688dc2kzqgyrtc6e2gp40000000rt0000000003t4p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	50702	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-r154656d9bc4v6bg39gwnbf5vn00000006m0000000000b5k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	50703	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a1759df9-d01e-007a-08c7-17f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-r154656d9bc8glqfu2duqg0z1w00000001e0000000006fns x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	50704	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: f0964379-001e-0049-4678-185bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-1767f7688dc6trhkx0ckh4u3qn0000000s80000000000pyb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	50705	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-r154656d9bcwd5vj3zknz7qfhc000000075g0000000003cm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	50706	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:22 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:22 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:22 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 0ac1196c-201e-00aa-6778-183928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092222Z-1767f7688dcsjpdx60gbb8v42g0000000b5g000000006fvt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:22 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	50707	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:23 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:23 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092223Z-1767f7688dcdvjcfkw13t1btbs0000000rz0000000009up1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:23 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	50710	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:23 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:23 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: c27d0d21-301e-0051-279e-1538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092223Z-r154656d9bcfd2bs2ymcm7xz980000000e9g00000000ab22 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:23 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	50708	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:23 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:23 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:23 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092223Z-r154656d9bcx62tnuqgh46euy400000007x0000000005yh8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:23 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	50709	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:23 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:23 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:23 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 89fd357a-501e-008f-758c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092223Z-1767f7688dcv97m7bx1m7utdsg00000000ug000000003ede x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:23 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	50711	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:23 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:23 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:23 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092223Z-r154656d9bctbqfcgmyvqx3k100000000eb0000000003zbr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:23 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	50712	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:24 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:24 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:24 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092224Z-1767f7688dc4zx8hzkgqpgqkb400000009h000000000avhx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:24 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	50714	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:24 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:24 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:24 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 3b1bff85-e01e-0052-0be7-17d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092224Z-r154656d9bcwbfnhhnwdxge6u0000000066g000000005nkf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:24 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	50713	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:24 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:24 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:24 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 7756834e-501e-0035-801d-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092224Z-1767f7688dcrppb7pkfhksct680000000rf000000000cacr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:24 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	50715	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:24 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:24 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:24 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 087215ec-201e-0085-7478-1834e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092224Z-1767f7688dc88qkvtwr7dy4vdn0000000a9g000000001h73 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:24 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	50716	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:24 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:24 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:24 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 850b99d7-001e-0014-24e1-175151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092224Z-r154656d9bcv7txsqsufsswrks0000000e8g000000008tv6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:24 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	50717	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: d94163bc-601e-0084-55c7-176b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-1767f7688dc6trhkx0ckh4u3qn0000000s70000000002s0z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	50718	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: d62768f7-901e-007b-4578-18ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-1767f7688dcv97m7bx1m7utdsg00000000r000000000953h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	50719	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cc2250c5-501e-008f-2ac7-179054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-r154656d9bccl8jh8cxn9cxxcs0000000e9000000000b6xs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	50721	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-r154656d9bcx62tnuqgh46euy400000007tg00000000ctu6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	50720	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-1767f7688dc7bfz42qn9t7yq500000000rt000000000cfna x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	50722	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:25 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-1767f7688dcqrzlg5y6mnvesus00000001ag0000000018cu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:25 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	50724	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:25 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: a047797c-101e-0028-3dc7-178f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092225Z-1767f7688dcvp2wzdxa8717z3000000004eg000000005bg5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	50723	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:25 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: cce39220-001e-005a-519c-15c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-1767f7688dcnlss9sm3w9wbbbn000000043000000000bmta x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	50726	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-1767f7688dcddqmnbcgcfkdk6s00000003k00000000031zv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	50725	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-r154656d9bc7mtk716cm75thbs0000000rpg000000005y0f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	50727	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 93c4f5e9-801e-0015-2bc7-17f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-1767f7688dcxfh5bcu3z8cgqmn0000000s70000000001g41 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	50728	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: cd35b86e-901e-007b-4e19-18ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-r154656d9bc6kzfwvnn9vvz3c400000005k0000000002neh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	50729	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 926ec81f-301e-0052-4778-1865d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-1767f7688dc7bfz42qn9t7yq500000000ru000000000bh9u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	50730	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 3303e14a-901e-005b-7b78-182005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-1767f7688dcxs7gvbd5dcgxeys0000000rp00000000049ux x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	50731	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:26 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:26 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:26 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: c27691d9-301e-0051-769c-1538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092226Z-r154656d9bc6kzfwvnn9vvz3c400000005fg0000000077p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:26 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	50732	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:27 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:27 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:27 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: fba86ca6-e01e-00aa-5200-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092227Z-1767f7688dcjgr4ssr2c6t2x2s0000000s10000000009wfc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:27 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	50733	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:27 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:27 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:27 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 4a218e36-401e-00a3-268c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092227Z-1767f7688dc4zx8hzkgqpgqkb400000009ng000000004zpk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 09:22:27 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	50735	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 09:22:27 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 09:22:27 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 09:22:27 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 0e45fb44-301e-005d-1e9c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T092227Z-r154656d9bcwd5vj3zknz7qfhc000000072g000000004zvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 09:22:27 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Target ID:	0
Start time:	05:21:50
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x660000
File size:	919'040 bytes
MD5 hash:	E445BF16AA010CE6CD1079021D59EF2A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	05:21:50
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x9f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:21:50
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:21:50
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x9f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	05:21:50
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x9f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x800000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x9f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x9f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	05:21:51
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	05:21:53
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	05:21:54
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	05:22:05
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	05:22:05
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.7%
Total number of Nodes:	1589
Total number of Limit Nodes:	55

Executed Functions

Function 006642DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 0066430D

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

GetCurrentProcess.KERNEL32(?,006FCB64,00000000,?,?), ref: 00664422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00664429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00664454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00664466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00664474
FreeLibrary.KERNEL32(00000000,?,?), ref: 0066447B
GetSystemInfo.KERNEL32(?,?,?), ref: 006644A0

Strings

kernel32.dll, xrefs: 0066444F
GetNativeSystemInfo, xrefs: 00664460
|O, xrefs: 006A36F8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: bd2738eb64e9cb523d0c7ae7bd172129eb58d6f7da2d90ef2c137649f9a54624
Instruction ID: 5a52d9807434740b547f8faba4454ddbe3f2462584e38d709e74dd281180681d
Opcode Fuzzy Hash: bd2738eb64e9cb523d0c7ae7bd172129eb58d6f7da2d90ef2c137649f9a54624
Instruction Fuzzy Hash: 2DA1B77290A3D0DFE711D7797D411E57FE6AB27342B88D899E08193B22DA384909CF2D

Function 006642A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006650AA,?,?,00000000,00000000), ref: 006642B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006650AA,?,?,00000000,00000000), ref: 006642C9
LoadResource.KERNEL32(?,00000000,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20), ref: 006A35BE
SizeofResource.KERNEL32(?,00000000,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20), ref: 006A35D3
LockResource.KERNEL32(006650AA,?,?,006650AA,?,?,00000000,00000000,?,?,?,?,?,?,00664F20,?), ref: 006A35E6

Strings

SCRIPT, xrefs: 006642BF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: cee9b974825a9c41f18bd561c77f076896e5834efad92a62aa62e28af53de970
Instruction ID: 711b33a7bbf716ce34c5d1b0e6ba9c378f6f0e8d93f9ca1694ba436ef7a9f6b6
Opcode Fuzzy Hash: cee9b974825a9c41f18bd561c77f076896e5834efad92a62aa62e28af53de970
Instruction Fuzzy Hash: 60115A70200604AFD7218B65DD59F677BBEEFC5B61F204169F40296250DB71DD10DA20

Function 006A2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00662B6B

Part of subcall function 00663A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00731418,?,00662E7F,?,?,?,00000000), ref: 00663A78

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00722224), ref: 006A2C10
ShellExecuteW.SHELL32(00000000,?,?,00722224), ref: 006A2C17

Strings

runas, xrefs: 006A2C0B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: be5d8873429aa2ae33b120784f0cc28f01f9782a41e7ecc11562a5a58402c335
Instruction ID: f9fd44e8387d5140de24f7db131ccac93aea96eec484e9f5396f92d0e5b443b1
Opcode Fuzzy Hash: be5d8873429aa2ae33b120784f0cc28f01f9782a41e7ecc11562a5a58402c335
Instruction Fuzzy Hash: B2113B31208396ABC744FF60E8619BEB7ABEF91354F44142CF482132A3CF35894AD716

Function 006EA67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 006EA6AC
Process32FirstW.KERNEL32(00000000,?), ref: 006EA6BA

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Process32NextW.KERNEL32(00000000,?), ref: 006EA79C
CloseHandle.KERNELBASE(00000000), ref: 006EA7AB

Part of subcall function 0067CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006A3303,?), ref: 0067CE8A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 6399400d21903bf775c342f1d397665e2bb37d986426e95eafd2949b9f661cf2
Instruction ID: c20043665447becbd9d610b55feb35cf9df38d8a32aae050622a0a80d2219f21
Opcode Fuzzy Hash: 6399400d21903bf775c342f1d397665e2bb37d986426e95eafd2949b9f661cf2
Instruction Fuzzy Hash: 12518D71508300AFD750EF65C886A6BBBE9FF89754F00891DF58997291EB30E904CBA6

Function 006CDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,006A5222), ref: 006CDBCE
GetFileAttributesW.KERNELBASE(?), ref: 006CDBDD
FindFirstFileW.KERNEL32(?,?), ref: 006CDBEE
FindClose.KERNEL32(00000000), ref: 006CDBFA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 2387fd514fb65989fbc13f40ec65daa5bdc779fc415cd63a54a5ae4cc2ad6441
Instruction ID: e5b1834e1c631d0ae5ba7ed3fbc5a4696fa7f032e9d717edcb4364d14001114c
Opcode Fuzzy Hash: 2387fd514fb65989fbc13f40ec65daa5bdc779fc415cd63a54a5ae4cc2ad6441
Instruction Fuzzy Hash: F3F0E57081091857C3206B7CAE0DDBA376EDE01374B10571AF836C22F0EBB06E55C6D5

Function 0066BF40 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON

Download Yara Rule

Strings

p#s, xrefs: 006B07CE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BuffCharUpper
String ID: p#s
API String ID: 3964851224-3692422821
Opcode ID: 4b3ee8d52eed97af14eb6717bca4732e92d1e88951826ced37063790d8284816
Instruction ID: 46341b82af5bbb57b58adc62f2f53cc45af58d49d916364ba49a4dd9dfab5638
Opcode Fuzzy Hash: 4b3ee8d52eed97af14eb6717bca4732e92d1e88951826ced37063790d8284816
Instruction Fuzzy Hash: 26A27EB0608741DFD760DF14C480B6ABBE2BF89314F14896DE89A9B352D771EC85CB92

Function 006EAFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 006EB198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006EB1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006EB1D4
_wcslen.LIBCMT ref: 006EB200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006EB214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006EB236
_wcslen.LIBCMT ref: 006EB332

Part of subcall function 006D05A7: GetStdHandle.KERNEL32(000000F6), ref: 006D05C6

_wcslen.LIBCMT ref: 006EB34B
_wcslen.LIBCMT ref: 006EB366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006EB3B6
GetLastError.KERNEL32(00000000), ref: 006EB407
CloseHandle.KERNEL32(?), ref: 006EB439
CloseHandle.KERNEL32(00000000), ref: 006EB44A
CloseHandle.KERNEL32(00000000), ref: 006EB45C
CloseHandle.KERNEL32(00000000), ref: 006EB46E
CloseHandle.KERNEL32(?), ref: 006EB4E3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 79bfaab4051af2d4ea9d13d278f92850a0d9773149a7f2658eb86f7b4feff05c
Instruction ID: c3844967ae81470426fe26332628683943f56aa53afb31edf6c306f6d11dbef4
Opcode Fuzzy Hash: 79bfaab4051af2d4ea9d13d278f92850a0d9773149a7f2658eb86f7b4feff05c
Instruction Fuzzy Hash: 8EF19A315093809FC754EF25C891B6FBBE2AF85314F14855DF8998B2A2DB31EC44CB96

Function 0066D730 Relevance: 21.6, APIs: 14, Instructions: 622windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 0066D807
timeGetTime.WINMM ref: 0066DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB28
TranslateMessage.USER32(?), ref: 0066DB7B
DispatchMessageW.USER32(?), ref: 0066DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB9F
Sleep.KERNELBASE(0000000A), ref: 0066DBB1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 643297c25ce3aabd5e5d2404f334d7f1f83185f4e246f94d10854c16351b084e
Instruction ID: f9211105aad10441ac6bc8db3177ad7f3244e25687e17cc95fdadbd7289cc150
Opcode Fuzzy Hash: 643297c25ce3aabd5e5d2404f334d7f1f83185f4e246f94d10854c16351b084e
Instruction Fuzzy Hash: 0742D1B0B08242EFD728CF24C894BEAB7E2BF46314F14865DE4558B391D774E885CB96

Function 00662CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00662D07
RegisterClassExW.USER32(00000030), ref: 00662D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00662D42
InitCommonControlsEx.COMCTL32(?), ref: 00662D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00662D6F
LoadIconW.USER32(000000A9), ref: 00662D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00662D94

Strings

AutoIt v3 GUI, xrefs: 00662D23
+, xrefs: 00662CF0
0, xrefs: 00662CE9
TaskbarCreated, xrefs: 00662D37

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: c73ec590fd5a404de956455bcddc5e712261e2b75dee4101f0a68c0286fb050e
Instruction ID: 2358c576d8e4f9733f8a2bb3e118f0359f3b94cc969b88de5583beea7d33a0ca
Opcode Fuzzy Hash: c73ec590fd5a404de956455bcddc5e712261e2b75dee4101f0a68c0286fb050e
Instruction Fuzzy Hash: C221E3B190124CEFEB00DFA4E949BEDBBB5FB08711F00811AF611A62A0D7B51544CF95

Function 006A065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006A039A: CreateFileW.KERNELBASE(00000000,00000000,?,006A0704,?,?,00000000,?,006A0704,00000000,0000000C), ref: 006A03B7

GetLastError.KERNEL32 ref: 006A076F
__dosmaperr.LIBCMT ref: 006A0776
GetFileType.KERNELBASE(00000000), ref: 006A0782
GetLastError.KERNEL32 ref: 006A078C
__dosmaperr.LIBCMT ref: 006A0795
CloseHandle.KERNEL32(00000000), ref: 006A07B5
CloseHandle.KERNEL32(?), ref: 006A08FF
GetLastError.KERNEL32 ref: 006A0931
__dosmaperr.LIBCMT ref: 006A0938

Strings

H, xrefs: 006A08BD

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 1fa2fb08f3fe92468f6261fa0de295bfbbe8c94eb1b43458fe05f6958b3ec59b
Instruction ID: b7b12ef1895e3d5bf9a973da21d1c36ba55428da306ea05d19b47e7a04bfead1
Opcode Fuzzy Hash: 1fa2fb08f3fe92468f6261fa0de295bfbbe8c94eb1b43458fe05f6958b3ec59b
Instruction Fuzzy Hash: B2A11432A001098FEF19BF68D861BAE7BA2AB07324F14415DF815EB391DB359D12CF95

Function 0066344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00663A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00731418,?,00662E7F,?,?,?,00000000), ref: 00663A78

Part of subcall function 00663357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00663379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0066356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006A318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006A31CE
RegCloseKey.ADVAPI32(?), ref: 006A3210
_wcslen.LIBCMT ref: 006A3277
_wcslen.LIBCMT ref: 006A3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00663560
\Include\, xrefs: 00663527
Include, xrefs: 006A3184, 006A31C5
\, xrefs: 006A328C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 2f076bd2ec68eedfef31ad79b5453adb90b865dfff74670a3f312be6f6c03179
Instruction ID: 718e41b3cba46621feece6863cce2a5aa1522f02dfc61a6839c7617547e2c88c
Opcode Fuzzy Hash: 2f076bd2ec68eedfef31ad79b5453adb90b865dfff74670a3f312be6f6c03179
Instruction Fuzzy Hash: EE7104714043009ED314EF65EC829ABBBE9FF85350F50852EF545C3262EB389A09CF6A

Function 00662B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00662B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00662B9D
LoadIconW.USER32(00000063), ref: 00662BB3
LoadIconW.USER32(000000A4), ref: 00662BC5
LoadIconW.USER32(000000A2), ref: 00662BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00662BEF
RegisterClassExW.USER32(?), ref: 00662C40

Part of subcall function 00662CD4: GetSysColorBrush.USER32(0000000F), ref: 00662D07
Part of subcall function 00662CD4: RegisterClassExW.USER32(00000030), ref: 00662D31
Part of subcall function 00662CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00662D42
Part of subcall function 00662CD4: InitCommonControlsEx.COMCTL32(?), ref: 00662D5F
Part of subcall function 00662CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00662D6F
Part of subcall function 00662CD4: LoadIconW.USER32(000000A9), ref: 00662D85
Part of subcall function 00662CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00662D94

Strings

0, xrefs: 00662C0F
#, xrefs: 00662C16
AutoIt v3, xrefs: 00662C2F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 7ab16b38a126fab239f350a798282a5d4cd478efedfcd9af2029389785e06300
Instruction ID: 06bd3b3e4032b93ca09bd3817d83c519e9271feb886a565abb265b16e691ec7f
Opcode Fuzzy Hash: 7ab16b38a126fab239f350a798282a5d4cd478efedfcd9af2029389785e06300
Instruction Fuzzy Hash: 09213EB1E00318AFEB109FA6ED55BAD7FB5FB48B51F40801AF500A66A0D7B91544CF98

Function 0066B710 Relevance: 16.3, APIs: 1, Strings: 8, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0066BB4E

Strings

x#s, xrefs: 006B0168
p#s, xrefs: 006B024F
p#s, xrefs: 0066BA72
p#s, xrefs: 006B0263
p#s, xrefs: 0066BB6B
x#s, xrefs: 006B0207
p%s, xrefs: 0066B8DC
p%s, xrefs: 0066BB32

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: p#s$p#s$p#s$p#s$p%s$p%s$x#s$x#s
API String ID: 1385522511-2360114552
Opcode ID: 34ddb8e0c6134f5a72eafce6b0539a3e34a916fdd9c0caa726b6bf60d5e8edd2
Instruction ID: 0ffa783945305ebeaa916a4bcb14913054f5edfc079f1e3f5ce5aa1a216835b9
Opcode Fuzzy Hash: 34ddb8e0c6134f5a72eafce6b0539a3e34a916fdd9c0caa726b6bf60d5e8edd2
Instruction Fuzzy Hash: BC328E74A00209DFEB24CF58C894AFEBBBBEF45314F148059E905AB352D774AD82CB95

Function 00663170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0066316A,?,?), ref: 006631D8
KillTimer.USER32(?,00000001,?,?,?,?,?,0066316A,?,?), ref: 00663204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00663227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0066316A,?,?), ref: 00663232
CreatePopupMenu.USER32 ref: 00663246
PostQuitMessage.USER32(00000000), ref: 00663267

Strings

TaskbarCreated, xrefs: 0066322D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: a71a9c520402a12ad041b19d21a7a196c23d796ee2cc8f5254c2da7f49362152
Instruction ID: 40c03c5e1285774447ce30496f7b3a0fc9527063f9f59a64a7f984920a82b57a
Opcode Fuzzy Hash: a71a9c520402a12ad041b19d21a7a196c23d796ee2cc8f5254c2da7f49362152
Instruction Fuzzy Hash: CF415931240264A7EB142B7C9D6DBF93B5FEB06350F444129FA02C63A2C77A9F41CB69

Function 00662C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00662C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00662CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00661CAD,?), ref: 00662CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00661CAD,?), ref: 00662CCF

Strings

edit, xrefs: 00662CAC
AutoIt v3, xrefs: 00662C89, 00662C8E, 00662C8F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: ca2a4d7225a3308f2f09c16042fc4efbe31d91e09fe36702e1c11e65ca3114cc
Instruction ID: 29c16b1ff0223cf9467fef86ea3bee99f1dcce29ca072ac8ca52961a73a235cf
Opcode Fuzzy Hash: ca2a4d7225a3308f2f09c16042fc4efbe31d91e09fe36702e1c11e65ca3114cc
Instruction Fuzzy Hash: C2F03A755402987AFB301B13AC18EB72FBED7C6F61B40801AFA00A35A0C2690844DEB8

Function 00663B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00663B0F,SwapMouseButtons,00000004,?), ref: 00663B83

Strings

Control Panel\Mouse, xrefs: 00663B3E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 4979c42979eca9b386a7a7ee6f17716c1171567670a2b23b5f44207b6f8e54bd
Instruction ID: d01d1c99ce9aaa5657a5706a50c93a3381b8f70412bd86f71d55f1393cd92adb
Opcode Fuzzy Hash: 4979c42979eca9b386a7a7ee6f17716c1171567670a2b23b5f44207b6f8e54bd
Instruction Fuzzy Hash: A0115AB1510218FFDB208FA4DC44EEEB7B9EF21754B104459A801D7210D6319E419760

Function 00663923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006A33A2

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00663A04

Strings

Line: , xrefs: 006A33EB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: cc952582664536f16f782948d8e5d477ddd0df013574ca7c752c3c359ad65abc
Instruction ID: c349b98b46dbc069f68c7c219917ae7a88fdfff6f14d49bf4dd8ba8f1d982908
Opcode Fuzzy Hash: cc952582664536f16f782948d8e5d477ddd0df013574ca7c752c3c359ad65abc
Instruction Fuzzy Hash: 1E31D471408324AED765EB20DC45BEBB7DAAF40710F00462EF599932D1EF749A49CBCA

Function 00662DE3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 006A2C8C

Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2

Part of subcall function 00662DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00662DC4

Strings

X, xrefs: 006A2C5A
`er, xrefs: 006A2C85

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X$`er
API String ID: 779396738-256315308
Opcode ID: be6a582c270aeddf2de48a4f435645793c90d7f6ec976dae1812ebb87590f9d0
Instruction ID: 0d8f767d5d79a738d52ed29a2a0a175fc94ca90fdc5fb224800dfa7def3a31fe
Opcode Fuzzy Hash: be6a582c270aeddf2de48a4f435645793c90d7f6ec976dae1812ebb87590f9d0
Instruction Fuzzy Hash: FA21D870A002989FCB41EF94D8557EE7BFAAF49314F00806EE405A7341DFB85A498F65

Function 0067FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00680668

Part of subcall function 006832A4: RaiseException.KERNEL32(?,?,?,0068068A,?,00731444,?,?,?,?,?,?,0068068A,00661129,00728738,00661129), ref: 00683304

__CxxThrowException@8.LIBVCRUNTIME ref: 00680685

Strings

Unknown exception, xrefs: 00680692

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: af73550351bea2f442e2a2594e947a9deaf8823851b156f9522ad231bcc3530b
Instruction ID: bf5c0db7779c7ce4b0a7c5215e6475204bb8f9b8e93f62f2ff282530058c287a
Opcode Fuzzy Hash: af73550351bea2f442e2a2594e947a9deaf8823851b156f9522ad231bcc3530b
Instruction Fuzzy Hash: C7F0283490020D77CB90B764E856C9D776F5E00310B608A35B92891692EF31DB5ACB85

Function 006610F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00661BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00661BF4
Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00661BFC
Part of subcall function 00661BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00661C07
Part of subcall function 00661BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00661C12
Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00661C1A
Part of subcall function 00661BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00661C22

Part of subcall function 00661B4A: RegisterWindowMessageW.USER32(00000004,?,006612C4), ref: 00661BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0066136A
OleInitialize.OLE32 ref: 00661388
CloseHandle.KERNEL32(00000000,00000000), ref: 006A24AB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 0ce47f435bd4c6be9ef0a11b3ab0591074148b329e6c936391f3300a1d2520d9
Instruction ID: 988a3c27441e9cd1005d138c7dc98133c176859610c8cb334268e064d5f97f01
Opcode Fuzzy Hash: 0ce47f435bd4c6be9ef0a11b3ab0591074148b329e6c936391f3300a1d2520d9
Instruction Fuzzy Hash: F071CCB59012448FE384DFB9AD456A53BE2BB893627D4C22ED14AC7362EB384421CF5D

Function 006CC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00663923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00663A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006CC259
KillTimer.USER32(?,00000001,?,?), ref: 006CC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006CC270

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: ca846b62d71dfb2690d0f0d8285dea77a20649ef862e6ef9064fa9300436f535
Instruction ID: 1ab6d72d7c8224d737598691d3e0ef77cef12454f2e94f7c85e806183af88798
Opcode Fuzzy Hash: ca846b62d71dfb2690d0f0d8285dea77a20649ef862e6ef9064fa9300436f535
Instruction Fuzzy Hash: 8431C370904344AFEB329F648895BF7BBEEDB06314F04049ED1DE93241C3785A85CB51

Function 006986AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,006985CC,?,00728CC8,0000000C), ref: 00698704
GetLastError.KERNEL32(?,006985CC,?,00728CC8,0000000C), ref: 0069870E
__dosmaperr.LIBCMT ref: 00698739

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: a08ed956922ff16a9008cb54cf0f6536958c982b553d8c65b632106d53d81175
Instruction ID: 4f866c0aaf4d6e2f6a8cea48ec2cf93c6685910181b0b894dab29ca3afcc04ff
Opcode Fuzzy Hash: a08ed956922ff16a9008cb54cf0f6536958c982b553d8c65b632106d53d81175
Instruction Fuzzy Hash: B5016B336046201EDE616374A845BBE274F4B83774F39011DF8058FAD3EEA08C81C294

Function 0066DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 0066DB7B
DispatchMessageW.USER32(?), ref: 0066DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0066DB9F
Sleep.KERNELBASE(0000000A), ref: 0066DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 006B1CC9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: df4afd7a336968a0c4613a01c0a94f8502d522cb86a29110e4c36967ccdc3069
Instruction ID: 2b5566d0f9858027aeb81e99f0df6d0b516d45acec50f027035121db48adc965
Opcode Fuzzy Hash: df4afd7a336968a0c4613a01c0a94f8502d522cb86a29110e4c36967ccdc3069
Instruction Fuzzy Hash: 34F08271604345EBE730DBA0CC59FEA73AEEF45320F504919E61AC71D0DB34A488CB19

Function 00671310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 006717F6

Strings

CALL, xrefs: 006717C6

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: c151d40c7974e4d415e02e02704c064d922bb4b375337486045eaaddd83b05ee
Instruction ID: f0a4a4f451f33681de10e7c8b9f273261dfc909bc5ae94b329cf9b0bfad75a59
Opcode Fuzzy Hash: c151d40c7974e4d415e02e02704c064d922bb4b375337486045eaaddd83b05ee
Instruction Fuzzy Hash: BB22ADB0608301DFD754DF18C480A6ABBF2BF86314F24895EF49A8B362D735E985CB56

Function 0069C9BB Relevance: 3.1, APIs: 2, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00692D74: GetLastError.KERNEL32(?,?,00695686,006A3CD6,?,00000000,?,00695B6A,?,?,?,?,?,0068E6D1,?,00728A48), ref: 00692D78
Part of subcall function 00692D74: _free.LIBCMT ref: 00692DAB
Part of subcall function 00692D74: SetLastError.KERNEL32(00000000,?,?,?,?,0068E6D1,?,00728A48,00000010,00664F4A,?,?,00000000,006A3CD6), ref: 00692DEC
Part of subcall function 00692D74: _abort.LIBCMT ref: 00692DF2

Part of subcall function 0069CADA: _abort.LIBCMT ref: 0069CB0C
Part of subcall function 0069CADA: _free.LIBCMT ref: 0069CB40

Part of subcall function 0069C74F: GetOEMCP.KERNEL32(00000000), ref: 0069C77A

_free.LIBCMT ref: 0069CA33
_free.LIBCMT ref: 0069CA69

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorLast_abort
String ID:
API String ID: 2991157371-0
Opcode ID: a31c32734f5754ce06a6e7223c8dc5bd07e3304d031c697913b8c3e146b7a3a5
Instruction ID: 7f8b1a6c0a24ae788ae8897dc64ce2c50768f66955b034b733e9828eed150732
Opcode Fuzzy Hash: a31c32734f5754ce06a6e7223c8dc5bd07e3304d031c697913b8c3e146b7a3a5
Instruction Fuzzy Hash: 4E31BF3190020CAFDF11EBA9D551BADB7FAEF40370F21419DE8049BAA2EB359E41DB54

Function 00663837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00663908

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 0d8b341128f9cd46386010d91f4a89aa7f8a129661d9062c56c91aab6c1f11b3
Instruction ID: b349472b24ef43c3ddd603d303f32427b64ac8fb285fff2ff8138361fce7fc4b
Opcode Fuzzy Hash: 0d8b341128f9cd46386010d91f4a89aa7f8a129661d9062c56c91aab6c1f11b3
Instruction Fuzzy Hash: 2E31A2706047119FE760DF24D8847D7BBE9FB49719F00092EF59A83340E775AA44CB56

Function 0067F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0067F661

Part of subcall function 0066D730: GetInputState.USER32 ref: 0066D807

Sleep.KERNEL32(00000000), ref: 006BF2DE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 8f964d9d2470f2fe8944e2d0aa82d0f6cc6c42ec430c0e35f0a629b572457d23
Instruction ID: 79a20c3f9c36991654883752215d151ce3d01c3a4df4fb9e4e5310529efc407e
Opcode Fuzzy Hash: 8f964d9d2470f2fe8944e2d0aa82d0f6cc6c42ec430c0e35f0a629b572457d23
Instruction Fuzzy Hash: 58F08C312402059FD350EF6AD949BAABBEAEF45760F00402DE85AC7360EB70A840CB95

Function 00664ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00664E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E9C
Part of subcall function 00664E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00664EAE
Part of subcall function 00664E90: FreeLibrary.KERNEL32(00000000,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EFD

Part of subcall function 00664E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E62
Part of subcall function 00664E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00664E74
Part of subcall function 00664E59: FreeLibrary.KERNEL32(00000000,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E87

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: e6a4feed4f40b9e2c8289954cdacf4bb51a8575f1bf07857389bc40becc6374e
Instruction ID: 5a1a0f78d884cc494b663a2509b47745740bcd18847b65a584eac74999f6b955
Opcode Fuzzy Hash: e6a4feed4f40b9e2c8289954cdacf4bb51a8575f1bf07857389bc40becc6374e
Instruction Fuzzy Hash: 0611E332600305AACB55BB60DC03FAD77A7AF80710F20842EF542A62C1EE729E05DB99

Function 00698402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00698440

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e3711c8ec66d5390f717a05e9f2c9748de35641d56d1997ddaf81f672b5c19dd
Instruction ID: 060c14a8c2cb0d15bcbc763167af5d61108b3a924f171c0bc30ca9e2527d5ebc
Opcode Fuzzy Hash: e3711c8ec66d5390f717a05e9f2c9748de35641d56d1997ddaf81f672b5c19dd
Instruction Fuzzy Hash: 6111187590410AAFCF05DF58E9419DA7BF9EF49314F104069F808AB312DA31DA11CBA5

Function 006F29BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,006F14B5,?), ref: 006F2A01

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 073dcf5b9252cb8619133dd313aea565ec86a5b3e3031e4570e8ce9a1553bcea
Instruction ID: c8b4c4e31c7659aa66794510293b4a39f6da69bd581e9305ee05a3d3a507e026
Opcode Fuzzy Hash: 073dcf5b9252cb8619133dd313aea565ec86a5b3e3031e4570e8ce9a1553bcea
Instruction Fuzzy Hash: 8D019E36300A479FD325CA2EC465B723793FB85314F298468D2478B391DB32EC42CBA0

Function 0068E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 544a59661004f187b5bd656e2df84c105c91dc8e240eaa124bf474dd32278725
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 86F02832510A14AADF313A698C05B9A339F9F62331F14071DF524976E2EF75D84287AD

Function 00693820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3558f1a1a8c93931f7e73a6bdf3a7dd81d19b5a948856e231b5348b1314a3293
Instruction ID: 36e144c3b1428f264f8fc5472b7d3db4396cec42280aa4f1ecd022fc7f3779b6
Opcode Fuzzy Hash: 3558f1a1a8c93931f7e73a6bdf3a7dd81d19b5a948856e231b5348b1314a3293
Instruction Fuzzy Hash: 04E0E53110023556EF2136679E04BDA374FAF427B0F050125BC06E2F80CB10DE0193E5

Function 00664F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664F6D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: f64d59702c0bcc4614d1abf386ea98445ccaabd6f0278be90349792b9da2b261
Instruction ID: 6bf0fdb4497685b8881cd3573697a6ee0c03956a346dcea5f71eabc02d9786f1
Opcode Fuzzy Hash: f64d59702c0bcc4614d1abf386ea98445ccaabd6f0278be90349792b9da2b261
Instruction Fuzzy Hash: 10F03071105751CFDB389F64D490862B7F6AF54329310CA7EE1DA82611CB319844DF10

Function 006F2A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 006F2A66

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: b360c2903275980ff79e2a45b4a2fb44025f2b148b40d752fc397b52938b4a6e
Instruction ID: 7df2f763fe4f311269b6bd7cedb871909578ae8fb5596fd3c9906b06eadca2aa
Opcode Fuzzy Hash: b360c2903275980ff79e2a45b4a2fb44025f2b148b40d752fc397b52938b4a6e
Instruction Fuzzy Hash: FCE04F3675411BAAC754EA30EC909FA735EEB50395710453EAD16C6200EB309996DAA4

Function 00662DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00662DC4

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: b1dbbe65eb1fca919893b0d3fb75c0b42129c8cc1f878ee03b647356a1970524
Instruction ID: 7cf342cbf9ccf1d4a38bf5faaa442f188d7bfddff642983050ca8127fc22b4db
Opcode Fuzzy Hash: b1dbbe65eb1fca919893b0d3fb75c0b42129c8cc1f878ee03b647356a1970524
Instruction Fuzzy Hash: E7E0CD766001245BC710A658DC05FEA77DEDFC97A0F044075FD09D7248D960AD80C554

Function 00662B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00663837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00663908

Part of subcall function 0066D730: GetInputState.USER32 ref: 0066D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00662B6B

Part of subcall function 006630F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0066314E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 5e2cb3b1f7592f2b15525d682a0283f6ee1fcd645d4f53f83be7a41645e9fdc7
Instruction ID: 4041ec982fbdd795b13b1af164698683ce7e998ed5cbf00b6cde7c83f0728c52
Opcode Fuzzy Hash: 5e2cb3b1f7592f2b15525d682a0283f6ee1fcd645d4f53f83be7a41645e9fdc7
Instruction Fuzzy Hash: A3E07D3230029407C748BB71A8124BDF74BCFD1351F40183EF442433A3CF244949831A

Function 006A039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,006A0704,?,?,00000000,?,006A0704,00000000,0000000C), ref: 006A03B7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8e4ea0ffbab75b8d99cb5df2331074d699a9b5c286d99fcf9a75525f32cfa869
Instruction ID: c3ca7a27991fcd4e5e883f5aadc43678b5e31bd14cfb2b45db60cec9f6529908
Opcode Fuzzy Hash: 8e4ea0ffbab75b8d99cb5df2331074d699a9b5c286d99fcf9a75525f32cfa869
Instruction Fuzzy Hash: 29D06C3204010DBBDF028F84DD06EDA3BAAFB48714F014000BE1856020C732E831EB90

Function 00661CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00661CBC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: cf5d33ae684ab53c3892f3b8ed55f732047975b0f85b08708a7dcdfd3f7e9386
Instruction ID: e5fceb14db8d24c2b88cd2133a5e7dc1edef07614509a544c2d793212c011f91
Opcode Fuzzy Hash: cf5d33ae684ab53c3892f3b8ed55f732047975b0f85b08708a7dcdfd3f7e9386
Instruction Fuzzy Hash: 23C09236280308AFF3148B80BD5AF207B65A348B12F54C001F609AA5E3C3A62834EA58

Non-executed Functions

Function 006F9576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 006F961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006F965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 006F969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F96C9
SendMessageW.USER32 ref: 006F96F2
GetKeyState.USER32(00000011), ref: 006F978B
GetKeyState.USER32(00000009), ref: 006F9798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 006F97AE
GetKeyState.USER32(00000010), ref: 006F97B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F97E9
SendMessageW.USER32 ref: 006F9810
SendMessageW.USER32(?,00001030,?,006F7E95), ref: 006F9918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 006F992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 006F9941
SetCapture.USER32(?), ref: 006F994A
ClientToScreen.USER32(?,?), ref: 006F99AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 006F99BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006F99D6
ReleaseCapture.USER32 ref: 006F99E1
GetCursorPos.USER32(?), ref: 006F9A19
ScreenToClient.USER32(?,?), ref: 006F9A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 006F9A80
SendMessageW.USER32 ref: 006F9AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 006F9AEB
SendMessageW.USER32 ref: 006F9B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 006F9B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 006F9B4A
GetCursorPos.USER32(?), ref: 006F9B68
ScreenToClient.USER32(?,?), ref: 006F9B75
GetParent.USER32(?), ref: 006F9B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 006F9BFA
SendMessageW.USER32 ref: 006F9C2B
ClientToScreen.USER32(?,?), ref: 006F9C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 006F9CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 006F9CDE
SendMessageW.USER32 ref: 006F9D01
ClientToScreen.USER32(?,?), ref: 006F9D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 006F9D82

Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952

GetWindowLongW.USER32(?,000000F0), ref: 006F9E05

Strings

F, xrefs: 006F9D07
p#s, xrefs: 006F9990
@GUI_DRAGID, xrefs: 006F997D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F$p#s
API String ID: 3429851547-570795275
Opcode ID: 4ed05fee0ebd9c1b84ac66b27647f9e5969f1de337140dc22baf9a7cee354424
Instruction ID: 976f2759fcc1178c42cfbcc812a3bef1d014b826d1c505e3b0af111615bab408
Opcode Fuzzy Hash: 4ed05fee0ebd9c1b84ac66b27647f9e5969f1de337140dc22baf9a7cee354424
Instruction Fuzzy Hash: 42428B30208248AFE724DF28CD44BBABBE6FF49720F144619F699C72A1D731A855CF65

Function 006F4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 006F48F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 006F4908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 006F4927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 006F494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 006F495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 006F497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 006F49AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 006F49D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 006F4A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006F4A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 006F4A7E
IsMenu.USER32(?), ref: 006F4A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006F4AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006F4B20
GetWindowLongW.USER32(?,000000F0), ref: 006F4B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 006F4BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 006F4C82
wsprintfW.USER32 ref: 006F4CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F4CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 006F4CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 006F4D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F4D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 006F4D5A

Strings

%d/%02d/%02d, xrefs: 006F4CA8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 324efc60cf96afb0c870d5eedb6f1e3efc0e73eeb266f648c111cd9e260ea352
Instruction ID: 68b6de7a54d7e09c3795565d2566f38c69223747fe709044ab607c5eda444817
Opcode Fuzzy Hash: 324efc60cf96afb0c870d5eedb6f1e3efc0e73eeb266f648c111cd9e260ea352
Instruction Fuzzy Hash: 2312DF71604218ABEB248F28CC49FBF7BFAAF85310F104119FA1ADA6A5DB749941CB50

Function 0067F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0067F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006BF474
IsIconic.USER32(00000000), ref: 006BF47D
ShowWindow.USER32(00000000,00000009), ref: 006BF48A
SetForegroundWindow.USER32(00000000), ref: 006BF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006BF4AA
GetCurrentThreadId.KERNEL32 ref: 006BF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006BF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 006BF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 006BF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 006BF4DE
SetForegroundWindow.USER32(00000000), ref: 006BF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF4F6
keybd_event.USER32(00000012,00000000), ref: 006BF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF50B
keybd_event.USER32(00000012,00000000), ref: 006BF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF519
keybd_event.USER32(00000012,00000000), ref: 006BF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 006BF528
keybd_event.USER32(00000012,00000000), ref: 006BF52D
SetForegroundWindow.USER32(00000000), ref: 006BF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 006BF557

Strings

Shell_TrayWnd, xrefs: 006BF46F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: a472127954f07b94e6ef8dd5d420f9df3c1301bd45000d920bfeaa4130e108c1
Instruction ID: a2254b9c277056553e7a476b0708ccfceda9340379439b35be540433de3bfa92
Opcode Fuzzy Hash: a472127954f07b94e6ef8dd5d420f9df3c1301bd45000d920bfeaa4130e108c1
Instruction Fuzzy Hash: E43141B2A4021CBBEB206BB55D4AFFF7E6EEB44B60F101065FA01E61D1C6B15D50EB60

Function 006C1201 Relevance: 40.5, APIs: 19, Strings: 4, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 006C16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
Part of subcall function 006C16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
Part of subcall function 006C16C3: GetLastError.KERNEL32 ref: 006C174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 006C1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006C12A8
CloseHandle.KERNEL32(?), ref: 006C12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006C12D1
GetProcessWindowStation.USER32 ref: 006C12EA
SetProcessWindowStation.USER32(00000000), ref: 006C12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006C1310

Part of subcall function 006C10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006C11FC), ref: 006C10D4
Part of subcall function 006C10BF: CloseHandle.KERNEL32(?,?,006C11FC), ref: 006C10E9

Strings

Zr, xrefs: 006C1392
, xrefs: 006C125A
winsta0, xrefs: 006C12CC
default, xrefs: 006C130B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0$Zr
API String ID: 22674027-1304496012
Opcode ID: 01c39be9a4b75d0b9a5f871a71b2a767f0dd5a1e68f5b3b5292e8d9384a6eded
Instruction ID: e974a7e668817f8550234e86b443e9e90eff730ed0f6ecce62902a22206d6819
Opcode Fuzzy Hash: 01c39be9a4b75d0b9a5f871a71b2a767f0dd5a1e68f5b3b5292e8d9384a6eded
Instruction Fuzzy Hash: 67818871900209ABDF259FA4DD49FFE7BBAEF06704F14816DF910AA2A2D7358944CB60

Function 006C0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
Part of subcall function 006C10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
Part of subcall function 006C10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
Part of subcall function 006C10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006C0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006C0C00
GetLengthSid.ADVAPI32(?), ref: 006C0C17
GetAce.ADVAPI32(?,00000000,?), ref: 006C0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006C0C6D
GetLengthSid.ADVAPI32(?), ref: 006C0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 006C0C8C
HeapAlloc.KERNEL32(00000000), ref: 006C0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 006C0CB4
CopySid.ADVAPI32(00000000), ref: 006C0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006C0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 006C0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D45
HeapFree.KERNEL32(00000000), ref: 006C0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D55
HeapFree.KERNEL32(00000000), ref: 006C0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0D65
HeapFree.KERNEL32(00000000), ref: 006C0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 006C0D78
HeapFree.KERNEL32(00000000), ref: 006C0D7F

Part of subcall function 006C1193: GetProcessHeap.KERNEL32(00000008,006C0BB1,?,00000000,?,006C0BB1,?), ref: 006C11A1
Part of subcall function 006C1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006C0BB1,?), ref: 006C11A8
Part of subcall function 006C1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006C0BB1,?), ref: 006C11B7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: c47f94fe51f13fa34a8be9bce5c61ef5dafe42b3f31b867101b764084e9420ae
Instruction ID: 559b921c44de0c30dbb16f9f05754a23add4f6a48a01ded66c7057af8ed14553
Opcode Fuzzy Hash: c47f94fe51f13fa34a8be9bce5c61ef5dafe42b3f31b867101b764084e9420ae
Instruction Fuzzy Hash: F9714A7190020AEBEF10DFA4DD44FFEBBBAEF09710F044619E915A7291D771A905CB60

Function 006DEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(006FCC08), ref: 006DEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 006DEB37
GetClipboardData.USER32(0000000D), ref: 006DEB43
CloseClipboard.USER32 ref: 006DEB4F
GlobalLock.KERNEL32(00000000), ref: 006DEB87
CloseClipboard.USER32 ref: 006DEB91
GlobalUnlock.KERNEL32(00000000), ref: 006DEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 006DEBC9
GetClipboardData.USER32(00000001), ref: 006DEBD1
GlobalLock.KERNEL32(00000000), ref: 006DEBE2
GlobalUnlock.KERNEL32(00000000), ref: 006DEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 006DEC38
GetClipboardData.USER32(0000000F), ref: 006DEC44
GlobalLock.KERNEL32(00000000), ref: 006DEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 006DEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006DEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 006DECD2
GlobalUnlock.KERNEL32(00000000), ref: 006DECF3
CountClipboardFormats.USER32 ref: 006DED14
CloseClipboard.USER32 ref: 006DED59

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: da1f5d0b9d0a141c014a0723d43e1070f99d8e22df354c86231c7ddf2a41ccc8
Instruction ID: 34ace6cbdcaed9d5e4b07a47efbdc293a3e2fb77be02185fed55effccbb78cc1
Opcode Fuzzy Hash: da1f5d0b9d0a141c014a0723d43e1070f99d8e22df354c86231c7ddf2a41ccc8
Instruction Fuzzy Hash: 9061AD34604205AFD300EF24D984F7A77ABEF84714F14551EF4569B3A2DB32E90ACBA2

Function 006D698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 006D69BE
FindClose.KERNEL32(00000000), ref: 006D6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006D6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006D6A75

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 006D6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 006D6ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 006D6B6A
%02d, xrefs: 006D6C00, 006D6C0A, 006D6C5A, 006D6CAA, 006D6CFA, 006D6D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 006D6B32
%4d, xrefs: 006D6BB1
%03d, xrefs: 006D6DA2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: a527336bf73db5ea9a82ab2897313c1a61e5e15a1161596e7adf113f9ea56ea4
Instruction ID: 238a255a3585f8267d8c8080678405cb8954a75965a9bf87c3d27689ee15f2e9
Opcode Fuzzy Hash: a527336bf73db5ea9a82ab2897313c1a61e5e15a1161596e7adf113f9ea56ea4
Instruction Fuzzy Hash: 32D161B1508340AFC354EBA4D981EABB7EDAF88704F04491EF585C7291EB75DA44CB62

Function 006D9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006D9663
GetFileAttributesW.KERNEL32(?), ref: 006D96A1
SetFileAttributesW.KERNEL32(?,?), ref: 006D96BB
FindNextFileW.KERNEL32(00000000,?), ref: 006D96D3
FindClose.KERNEL32(00000000), ref: 006D96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 006D96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 006D974A
SetCurrentDirectoryW.KERNEL32(00726B7C), ref: 006D9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 006D9772
FindClose.KERNEL32(00000000), ref: 006D977F
FindClose.KERNEL32(00000000), ref: 006D978F

Strings

*.*, xrefs: 006D96F5

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: b18e938ec740818c3799e24fc99986bdbdc50d64dc1b976bd7dceb617a112845
Instruction ID: 14c0c853ea115cfa8f444b73321cbb42d46c3bcdaad62403daaf396361856b2d
Opcode Fuzzy Hash: b18e938ec740818c3799e24fc99986bdbdc50d64dc1b976bd7dceb617a112845
Instruction Fuzzy Hash: 8E31C07294021D6EDF14AFB4ED18AEE77AEEF09320F104156F805E22A0DB34DA44CB64

Function 006D979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006D97BE
FindNextFileW.KERNEL32(00000000,?), ref: 006D9819
FindClose.KERNEL32(00000000), ref: 006D9824
FindFirstFileW.KERNEL32(*.*,?), ref: 006D9840
SetCurrentDirectoryW.KERNEL32(?), ref: 006D9890
SetCurrentDirectoryW.KERNEL32(00726B7C), ref: 006D98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 006D98B8
FindClose.KERNEL32(00000000), ref: 006D98C5
FindClose.KERNEL32(00000000), ref: 006D98D5

Part of subcall function 006CDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006CDB00

Strings

*.*, xrefs: 006D983B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 036d5560018b7b66e2a60e7fdc5c67c0cd35a3aa28a6ee0e93a7f62c1cd1d979
Instruction ID: 0dc3a58013cf78585a88efedc1e06b7ab84e8b923775f82f5595606452f46e9d
Opcode Fuzzy Hash: 036d5560018b7b66e2a60e7fdc5c67c0cd35a3aa28a6ee0e93a7f62c1cd1d979
Instruction Fuzzy Hash: 1331C37294021D6EDF10AFB4EC48AEE77AEEF06720F144557E810A22A0DB30DA45DB64

Function 006EBE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EBF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 006EBFA9
RegCloseKey.ADVAPI32(00000000), ref: 006EBFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 006EC02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 006EC0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006EC154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006EC1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 006EC23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 006EC2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 006EC382
RegCloseKey.ADVAPI32(00000000), ref: 006EC38F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 59c3c1c22fbdfa78a3201a35d465b51ff56b7dc9ed4e2e21645c941d7a5798a9
Instruction ID: c50c03c3b28b601d0434f239b2615e6a9f64da96fc51a9ff9e7b9b660bb686c2
Opcode Fuzzy Hash: 59c3c1c22fbdfa78a3201a35d465b51ff56b7dc9ed4e2e21645c941d7a5798a9
Instruction Fuzzy Hash: 23024E716043409FD714CF25C891E6AB7E6AF49318F18849DF84ADB3A2DB31ED46CB51

Function 006D8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 006D8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 006D8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006D8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006D8310
SetCurrentDirectoryW.KERNEL32(?), ref: 006D8324
SetCurrentDirectoryW.KERNEL32(?), ref: 006D8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006D838C
SetCurrentDirectoryW.KERNEL32(?), ref: 006D8395

Strings

*.*, xrefs: 006D839B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: e6487197de19635530c12f21c4425f021e6e03ec6b436839ac40a1156bb41716
Instruction ID: e383e734aa487776cd5f162a3377ef8818e3f4d8676a6810efff26e6c2ea4137
Opcode Fuzzy Hash: e6487197de19635530c12f21c4425f021e6e03ec6b436839ac40a1156bb41716
Instruction Fuzzy Hash: 846159725043459FCB10EF64C8449AEB3EAFF89324F04491EF989C7251EB31E945CB96

Function 006CD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2

Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A

FindFirstFileW.KERNEL32(?,?), ref: 006CD122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 006CD1DD
MoveFileW.KERNEL32(?,?), ref: 006CD1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 006CD20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 006CD237

Part of subcall function 006CD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,006CD21C,?,?), ref: 006CD2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 006CD253
FindClose.KERNEL32(00000000), ref: 006CD264

Strings

\*.*, xrefs: 006CD0CD, 006CD0D6, 006CD0EB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 886272406969811fb32ad9cee7fb35afd3ca1928b8173b0685029a273fa88e8b
Instruction ID: 4e04c89366276f4b8571b7873e3f1f78d1f8fbe104ce2998ab62445aa791e58e
Opcode Fuzzy Hash: 886272406969811fb32ad9cee7fb35afd3ca1928b8173b0685029a273fa88e8b
Instruction Fuzzy Hash: C861263180111DAACF45EBA0DA92EFDB7BAEF15300F24416DE40277291EB35AF09DB64

Function 006DED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 006DED91
EmptyClipboard.USER32 ref: 006DED97
GlobalAlloc.KERNEL32(00000002,?), ref: 006DEDAC
CloseClipboard.USER32 ref: 006DEEA3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 4a3f058764883e18d56d3b444cc41c80c4e85f386ddaee0c35c4a0726bab164d
Instruction ID: 701f5b35e24d616708bc862a86ad4949a92dfdb529f17f2c9363d0e1284e15c5
Opcode Fuzzy Hash: 4a3f058764883e18d56d3b444cc41c80c4e85f386ddaee0c35c4a0726bab164d
Instruction Fuzzy Hash: 1F418C35604611AFE720EF15D888F69BBE2EF44328F14C09AE4558F762CB76ED42CB90

Function 006CE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 006C16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
Part of subcall function 006C16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
Part of subcall function 006C16C3: GetLastError.KERNEL32 ref: 006C174A

ExitWindowsEx.USER32(?,00000000), ref: 006CE932

Strings

, xrefs: 006CE95C
, xrefs: 006CE920
SeShutdownPrivilege, xrefs: 006CE902
@, xrefs: 006CE925

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: fbbf3bf5ed78c07e6e25fc1f91db2acc71c54023694dfb06c65983f73b024671
Instruction ID: 41d381a3733bb0673c003d50404cb2205ef9499db829543358a52b961adac70a
Opcode Fuzzy Hash: fbbf3bf5ed78c07e6e25fc1f91db2acc71c54023694dfb06c65983f73b024671
Instruction Fuzzy Hash: AC012672610214ABEB9422B49C8AFFF727EE715751F14052EF802E31D2D9B25C4082A4

Function 006E1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 006E1276
WSAGetLastError.WSOCK32 ref: 006E1283
bind.WSOCK32(00000000,?,00000010), ref: 006E12BA
WSAGetLastError.WSOCK32 ref: 006E12C5
closesocket.WSOCK32(00000000), ref: 006E12F4
listen.WSOCK32(00000000,00000005), ref: 006E1303
WSAGetLastError.WSOCK32 ref: 006E130D
closesocket.WSOCK32(00000000), ref: 006E133C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: c009b684fcf188cc97a9a705c0d4885f2eff9bbf03e10e186e5b75aa646b3f46
Instruction ID: 206d3ba926d327e3d86d66059caa1d4f638873078526cbb795c4a6b6fc8899c4
Opcode Fuzzy Hash: c009b684fcf188cc97a9a705c0d4885f2eff9bbf03e10e186e5b75aa646b3f46
Instruction Fuzzy Hash: F341A3316002409FD710DF65C998B69BBE7BF46328F188188D9568F396C771ED82CBE1

Function 006CD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2

Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A

FindFirstFileW.KERNEL32(?,?), ref: 006CD420
DeleteFileW.KERNEL32(?,?,?,?), ref: 006CD470
FindNextFileW.KERNEL32(00000000,00000010), ref: 006CD481
FindClose.KERNEL32(00000000), ref: 006CD498
FindClose.KERNEL32(00000000), ref: 006CD4A1

Strings

\*.*, xrefs: 006CD3F2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 2b94bad9f49d7457b4a331774bda028fac0d05aaf84ac7a2064943a61fd55e12
Instruction ID: 20d4b157712c50c418dd72b267fff319ad9affe47ca7f87e7c9f0b962591355b
Opcode Fuzzy Hash: 2b94bad9f49d7457b4a331774bda028fac0d05aaf84ac7a2064943a61fd55e12
Instruction Fuzzy Hash: 0A319E31008345ABC304EF64D9919BFB7EAEE91310F449A2DF4D593291EB30AA09CB67

Function 0069E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0069E645

Strings

1#QNAN, xrefs: 0069F84B
1#SNAN, xrefs: 0069F844
1#IND, xrefs: 0069F83D
1#INF, xrefs: 0069F852

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: d2134331e65f6b7a1c41791fa1fed715f550116950f5450a364724981a985cf3
Instruction ID: 1a4bf757c76e475187142a4ae0091a780d5a9a86fd4832c9b7b9c508d964dc7d
Opcode Fuzzy Hash: d2134331e65f6b7a1c41791fa1fed715f550116950f5450a364724981a985cf3
Instruction Fuzzy Hash: 1DC24971E086288FDF65CF289D407EAB7BAEB48314F1541EAD44DE7640E779AE818F40

Function 006D648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006D64DC
CoInitialize.OLE32(00000000), ref: 006D6639
CoCreateInstance.OLE32(006FFCF8,00000000,00000001,006FFB68,?), ref: 006D6650
CoUninitialize.OLE32 ref: 006D68D4

Strings

.lnk, xrefs: 006D64BA, 006D6524, 006D65E0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 649c0f3e70234376e52d1caacc0899995659ee94acc89c379112371c36f38573
Instruction ID: 7b820bcfb58f8572b8cd4546946005ff5e4e2612baf1d9007dbf3d2deff1fa6c
Opcode Fuzzy Hash: 649c0f3e70234376e52d1caacc0899995659ee94acc89c379112371c36f38573
Instruction Fuzzy Hash: 1BD14A71508341AFC344EF24C88196BB7EAFF98704F00496DF5958B2A1DB71ED45CBA2

Function 006E22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 006E22E8

Part of subcall function 006DE4EC: GetWindowRect.USER32(?,?), ref: 006DE504

GetDesktopWindow.USER32 ref: 006E2312
GetWindowRect.USER32(00000000), ref: 006E2319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 006E2355
GetCursorPos.USER32(?), ref: 006E2381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006E23DF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: db5bab38f5d13b692fae099af44b26e638cc80082131b9e5635c474315b9541b
Instruction ID: 06b85c400ee5331e72ffbc0ca069b2e846912220946e807b6a284e1ecbc0a9d4
Opcode Fuzzy Hash: db5bab38f5d13b692fae099af44b26e638cc80082131b9e5635c474315b9541b
Instruction Fuzzy Hash: 7331BE72505356ABC720DF15C845BABB7ABFB84310F00191DF98597281DA35E908CB92

Function 006D9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 006D9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 006D9C8B

Part of subcall function 006D3874: GetInputState.USER32 ref: 006D38CB
Part of subcall function 006D3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 006D9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 006D9C75

Strings

*.*, xrefs: 006D9B5D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 67b961bc6e363df19cd958378c6cdd33c00f1b615f34299d12fcb94751b7ccf2
Instruction ID: ca0f0c90b92500ddc89da94f3dac51a9c5ea2e9660553553aecd03287cd72221
Opcode Fuzzy Hash: 67b961bc6e363df19cd958378c6cdd33c00f1b615f34299d12fcb94751b7ccf2
Instruction Fuzzy Hash: 65417371D0421AAFCF54DFA4C995AEE7BBAEF05310F24415AE805A33A1EB309E44CF64

Function 00668060 Relevance: 8.7, Strings: 6, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 006683E8
VUUU, xrefs: 0066843C
VUUU, xrefs: 006A5DF0
InitializeCriticalSectionEx, xrefs: 006683BC, 006683C8
VUUU, xrefs: 006683FA
ERCP, xrefs: 0066813C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: ERCP$InitializeCriticalSectionEx$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1173862840
Opcode ID: 2df68ad11c3716787259b2909f8c4424ea41bc37dfbc4fca90d3b0dd3c8a39e4
Instruction ID: 52d6e030c64109d45743bc02e71677cb92d72b1843e37d543f5a6db8a93aecee
Opcode Fuzzy Hash: 2df68ad11c3716787259b2909f8c4424ea41bc37dfbc4fca90d3b0dd3c8a39e4
Instruction Fuzzy Hash: 6EA25D70A0061ACFDF24DF68C9507EDB7B2BB55314F2482AAE816A7385DB709D81CF90

Function 0067997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00679A4E
GetSysColor.USER32(0000000F), ref: 00679B23
SetBkColor.GDI32(?,00000000), ref: 00679B36

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: ba43cdf3be01f36bf3ff65efd7b5937c484fbee32e2dfd3f259d587866ada94d
Instruction ID: bed47701d1ea528ad641e808716ca5f7e7758029b004d60b646d7b6a1c164ebd
Opcode Fuzzy Hash: ba43cdf3be01f36bf3ff65efd7b5937c484fbee32e2dfd3f259d587866ada94d
Instruction Fuzzy Hash: 0EA109B0109444AEE728AA3C8C59EFB27DFDB82350F25C11DF506C6795CA259D82D37A

Function 006E1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006E304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
Part of subcall function 006E304E: _wcslen.LIBCMT ref: 006E309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 006E185D
WSAGetLastError.WSOCK32 ref: 006E1884
bind.WSOCK32(00000000,?,00000010), ref: 006E18DB
WSAGetLastError.WSOCK32 ref: 006E18E6
closesocket.WSOCK32(00000000), ref: 006E1915

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 584f4f0260dbd40e01786c59b99448ae0cfd0fa049c8d6c9d41bb38d1879fa7c
Instruction ID: 0b1bd84e5e80960e23a3fcd773d8be968f47888a12692d97aad848d72c2f2418
Opcode Fuzzy Hash: 584f4f0260dbd40e01786c59b99448ae0cfd0fa049c8d6c9d41bb38d1879fa7c
Instruction Fuzzy Hash: EE51A371A002109FE710AF24C896F6A77E6AB45718F18809CF95A9F3D3C771AD41CBA5

Function 006F1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 006F1CC0
IsWindowEnabled.USER32 ref: 006F1CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 006F1CDB
IsIconic.USER32 ref: 006F1CE9
IsZoomed.USER32 ref: 006F1CF7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: f06727cceab529a95a85ba5388bffb612c2a3b23055d7c959139ba8c50a01ff0
Instruction ID: 0d6abd271febc11ff88c851f4d336da7edabb0951a052a8fad4ed76887585b3f
Opcode Fuzzy Hash: f06727cceab529a95a85ba5388bffb612c2a3b23055d7c959139ba8c50a01ff0
Instruction Fuzzy Hash: 8821B1317402099FD7208F1AC854B7A7BA7AF86364B18805CE946CF351C775EC42CB94

Function 006C8298 Relevance: 6.6, APIs: 1, Strings: 3, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 006C82AA

Strings

(, xrefs: 006C82F0
|, xrefs: 006C82DA
tbr, xrefs: 006C84F4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($tbr$|
API String ID: 1659193697-2672883373
Opcode ID: 2a3b65ce8723439ce21262a1ea39948268250094c8de02447acd60e74ab2664a
Instruction ID: 28a24e6a0670a4102f42e0be5a4a006485994fe5e877d70c6f89c7751f75bca0
Opcode Fuzzy Hash: 2a3b65ce8723439ce21262a1ea39948268250094c8de02447acd60e74ab2664a
Instruction Fuzzy Hash: 88323474A006059FCB28CF59C481EAAB7F1FF48710B15C56EE49ADB7A1EB70E941CB44

Function 006CAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 006CAAAC
SetKeyboardState.USER32(00000080), ref: 006CAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 006CAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 006CAB88

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: cfeb215c317ef6de52e373875754ee9a39b3c7a7c5496faf0340609b694d6b7b
Instruction ID: 007b2db71a03faacc819e1a4337caf12ff65c6f2335fc88e1699b7ad01796d7b
Opcode Fuzzy Hash: cfeb215c317ef6de52e373875754ee9a39b3c7a7c5496faf0340609b694d6b7b
Instruction Fuzzy Hash: BB31F370A4024CAFEB258AA4CC09FFA7BA7EB44324F04421EF181962D1D7758D81C766

Function 0069BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0069BB7F

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

GetTimeZoneInformation.KERNEL32 ref: 0069BB91
WideCharToMultiByte.KERNEL32(00000000,?,0073121C,000000FF,?,0000003F,?,?), ref: 0069BC09
WideCharToMultiByte.KERNEL32(00000000,?,00731270,000000FF,?,0000003F,?,?,?,0073121C,000000FF,?,0000003F,?,?), ref: 0069BC36

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: d554b304fd4dfdf2105502cc17c294b4c043f158bb5d47dab170599f158e1d87
Instruction ID: 89d977790f8098d60a17ffd127a12618ebaa4902e456e7a0eeace08d1fd70313
Opcode Fuzzy Hash: d554b304fd4dfdf2105502cc17c294b4c043f158bb5d47dab170599f158e1d87
Instruction Fuzzy Hash: DD31CE70A04205DFDF10DF69ED8097ABBBABF45720B1492AAE050D77A1DB309901CB94

Function 006DCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 006DCE89
GetLastError.KERNEL32(?,00000000), ref: 006DCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 006DCEFE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 6943f802daa9c0b406f00c4b6adcf8dd7f09552c09d176ae59ab3be0cea5b2ac
Instruction ID: f1af27b7a86d70ece0c0663cb373425130a85d07cf0bf4e63ae76d2edd315f72
Opcode Fuzzy Hash: 6943f802daa9c0b406f00c4b6adcf8dd7f09552c09d176ae59ab3be0cea5b2ac
Instruction Fuzzy Hash: A221BDB190030A9BDB20DFA5C949BA777FEEF40364F10441EE546D2251E770EE05DB64

Function 006D5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 006D5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 006D5D17
FindClose.KERNEL32(?), ref: 006D5D5F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 93685cf9635b75742729181ea72162eedb557e0f24338bd577f3131d7593ca49
Instruction ID: 1bdb12793440c822c05f6209b6bba8d67946dfe75150364ab926bba6f07608a1
Opcode Fuzzy Hash: 93685cf9635b75742729181ea72162eedb557e0f24338bd577f3131d7593ca49
Instruction Fuzzy Hash: D1519B74A04A019FC714DF28C494EA6B7E6FF49324F14855EE99A8B3A1CB30ED05CFA5

Function 00692622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0069271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00692724
UnhandledExceptionFilter.KERNEL32(?), ref: 00692731

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 1d7515fc7d84ff1413db551d8a0ab57bb69f71377449b9f24198114b22d6be66
Instruction ID: 768e6e1a015028fb391ee9f68d537ba00fd6b3776cc4a1aa1ed3c43978d243b7
Opcode Fuzzy Hash: 1d7515fc7d84ff1413db551d8a0ab57bb69f71377449b9f24198114b22d6be66
Instruction Fuzzy Hash: CC31D47590121DABCB61DF68DD887DCBBB9AF08310F5042EAE81CA7261E7309F858F44

Function 006D51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 006D51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006D5238
SetErrorMode.KERNEL32(00000000), ref: 006D52A1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 3ba486d2555cbb632decf979827266a11ddaf503015bff1ab2f126b306c5ec19
Instruction ID: e726d0ae8c963e02170eab9c86accd33252b000b356c235f513044fa1e137907
Opcode Fuzzy Hash: 3ba486d2555cbb632decf979827266a11ddaf503015bff1ab2f126b306c5ec19
Instruction Fuzzy Hash: 3B314175A00518DFDB00DF54D884EADBBB5FF49314F048099E8459B352DB31E95ACB91

Function 006C16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 0067FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00680668
Part of subcall function 0067FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00680685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006C170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006C173A
GetLastError.KERNEL32 ref: 006C174A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: b5a521203ebde472564391885c07a9b48da2d72fc29d78e8a078f8c9bf385ebf
Instruction ID: 9b053a01fa4881bf7959aef80b6f322a25ce78a1e1e8684d0c896e456f0eba1d
Opcode Fuzzy Hash: b5a521203ebde472564391885c07a9b48da2d72fc29d78e8a078f8c9bf385ebf
Instruction Fuzzy Hash: 6E1191B2404308FFD7289F54DC86E7AB7BAEF45764B20856EE05657241EB70BC42CB24

Function 006CD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006CD608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 006CD645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006CD650

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: c4ad24fb339482461e9b5977f4e12bbaa893a037a2d21c49223069e83058bfe6
Instruction ID: da241d153c957ae5ba7c533d37f9c7d10fdcaa057ca63f79e8887ac0f5d1d63a
Opcode Fuzzy Hash: c4ad24fb339482461e9b5977f4e12bbaa893a037a2d21c49223069e83058bfe6
Instruction Fuzzy Hash: 83115E75E05228BFDB108F99DD45FAFBBBDEB45B60F108126F904E7290D6704A05CBA1

Function 006C1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 006C168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006C16A1
FreeSid.ADVAPI32(?), ref: 006C16B1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 57f784b50343ffbb50b14927fa8d5dc51b6154bead13a3d1b8ab43487c475640
Instruction ID: 56049c8147a2912f344dd00db6aa0aec0eaaf373644b3074bcd868cf08d0e16f
Opcode Fuzzy Hash: 57f784b50343ffbb50b14927fa8d5dc51b6154bead13a3d1b8ab43487c475640
Instruction Fuzzy Hash: 46F0447194030CFBDB00CFE48D89EAEBBBDEB08210F004864E500E2181E731AA449A50

Function 00684CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000,?,006928E9), ref: 00684D09
TerminateProcess.KERNEL32(00000000,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000,?,006928E9), ref: 00684D10
ExitProcess.KERNEL32 ref: 00684D22

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: f4dad5bf76bbdca41ed19e8abc1afd31d517e3d7206330d1784d82974b4f9238
Instruction ID: 88705dbc3f0d0100a9effe8b00d2d3116f813627cf5a141ba867909b10d24b13
Opcode Fuzzy Hash: f4dad5bf76bbdca41ed19e8abc1afd31d517e3d7206330d1784d82974b4f9238
Instruction Fuzzy Hash: 35E0B632000549ABCF12BF54DE09AA87B6BEF41791B104118FD058A622CF35ED52DB84

Function 006BD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 006BD28C

Strings

X64, xrefs: 006BD2A8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: fd30e5ecc1948503b163b55416079d251cac5d82530a51b2a228647a1ae41a9f
Instruction ID: de3afef0be66c9e428ad65daa0b5162ee74ea29c3dad4430fe7594d2b0eed422
Opcode Fuzzy Hash: fd30e5ecc1948503b163b55416079d251cac5d82530a51b2a228647a1ae41a9f
Instruction Fuzzy Hash: F9D0C9B480111DEACB94CBA0DC88DD9B37DBF04305F104555F106A2000DB30964A9F10

Function 0068CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 1d3b25c4c30b1eae85947abf45b484184dedffd407672fb1f8f29c269d8a98eb
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: F5021C71E001199BDF14DFA9D8846EDBBF2FF48324F25826AD919EB380D731A941CB94

Function 0066CAF0 Relevance: 3.2, Strings: 2, Instructions: 659COMMON

Download Yara Rule

Strings

p#s, xrefs: 0066CF7F
Variable is not of type 'Object'., xrefs: 006B0C40

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.$p#s
API String ID: 0-2564790187
Opcode ID: bf181c86aeca93a9780ee6e1014dd44d898f9df78bf2ede6269794697df652cb
Instruction ID: b0eb2b7afc05eed62aa3ebcca7900a68a8f0686c316370d157c695d59ae842c7
Opcode Fuzzy Hash: bf181c86aeca93a9780ee6e1014dd44d898f9df78bf2ede6269794697df652cb
Instruction Fuzzy Hash: 7D329C70900618DBDF14DF94C891AFEBBB7BF04314F148059E846AB392DB75AE86CB64

Function 006D68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 006D6918
FindClose.KERNEL32(00000000), ref: 006D6961

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 9a0ed65683a9b9af94eda893cd610f2f6c07cd9f7bd13ff7724603a1ff8de0a5
Instruction ID: 661a78d5f00322dbe151cc68cba1ce0c6c0f1026952c01277cf18e5fdffdae2a
Opcode Fuzzy Hash: 9a0ed65683a9b9af94eda893cd610f2f6c07cd9f7bd13ff7724603a1ff8de0a5
Instruction Fuzzy Hash: EB118E316046019FC710DF69D494A26BBE6EF89328F14C69EF4698F3A2CB70EC05CB91

Function 006D37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,006E4891,?,?,00000035,?), ref: 006D37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,006E4891,?,?,00000035,?), ref: 006D37F4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 519bc06749569663e8e20012014a626bb2e7b7033380d143cbdada9a0d0cb7f5
Instruction ID: c71083d312b018a0dd4e93a15a78d9aa56d64499544ebcc9a0b7be95a3739a5c
Opcode Fuzzy Hash: 519bc06749569663e8e20012014a626bb2e7b7033380d143cbdada9a0d0cb7f5
Instruction Fuzzy Hash: 09F0E5B1A053292AE76027668C4DFEB3AAFEFC5771F000166F509E2381D9609D04C6B5

Function 006CB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 006CB25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 006CB270

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 7ecb5828565a90c10088c17c836561e255eb93361e7b22d5949fe5871f65ae67
Instruction ID: 40cbd28bc3647a0f2b9ca8838fd0fe836107847319b6f8f1b32e0bf9ba5f8d78
Opcode Fuzzy Hash: 7ecb5828565a90c10088c17c836561e255eb93361e7b22d5949fe5871f65ae67
Instruction Fuzzy Hash: 20F01D7180424DABDB059FA4C806BFE7BB5FF04315F009409F955A5191C3799615DF94

Function 006C10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006C11FC), ref: 006C10D4
CloseHandle.KERNEL32(?,?,006C11FC), ref: 006C10E9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 7234e2f7e9bab13310803e921910d67cc464ff29cdd851cd9e995bc23835d1ed
Instruction ID: bf399bed2235b8afa44e9de88c3ae40cdf568c2b0508898d2a89878acdeb83ec
Opcode Fuzzy Hash: 7234e2f7e9bab13310803e921910d67cc464ff29cdd851cd9e995bc23835d1ed
Instruction Fuzzy Hash: 78E04F32008600AEE7252B11FC05E7377AAEF05320B10C82DF4A5804B1DB626C90DB54

Function 0069676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00696766,?,?,00000008,?,?,0069FEFE,00000000), ref: 00696998

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: a7cf0911d459e4888353c1053b9ca3d5758d9b7c89ab650c75d957529b214ff3
Instruction ID: 0b0067485d078677a99bcb73493c7245fa56e7fdb67abc954dec952e01f7f063
Opcode Fuzzy Hash: a7cf0911d459e4888353c1053b9ca3d5758d9b7c89ab650c75d957529b214ff3
Instruction Fuzzy Hash: 64B15A316107099FDB15CF28C58ABA57BE5FF05364F258658F89ACF6A2C335E982CB40

Function 0067B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 006B851F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 9c04099408675ab85758d2dc3061cbe2dda935c68a8a319965188734af9bb000
Instruction ID: d308ed97430d481bc842b2ebbf03be2c3d879fb5cd390352c592ea3b7b2a37a6
Opcode Fuzzy Hash: 9c04099408675ab85758d2dc3061cbe2dda935c68a8a319965188734af9bb000
Instruction Fuzzy Hash: 481230B59002299FDB64CF58C8817EEB7F6FF48710F14819AE849EB255DB349E81CB90

Function 006DEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 006DEABD

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: ed010f15dce5f366fb6296de843a43b8481e6c44c3ac29799bdac694e908c887
Instruction ID: f13170e84c9a8f2136baac29fffc42d2fcd47e605e327b84f9070e8b29f90d37
Opcode Fuzzy Hash: ed010f15dce5f366fb6296de843a43b8481e6c44c3ac29799bdac694e908c887
Instruction Fuzzy Hash: 7CE04F316002099FC710EF5AD804E9AF7EAAF98770F04841BFC4ACB361DBB1E8418B94

Function 006809D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006803EE), ref: 006809DA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9c195b0c2df08c9c40ff66a22985b34e1dffe551b54e7d2d28241e713db55a78
Instruction ID: ed38ef6a95cdd628f02335c4cd2b12d259b8895808775b0a97ddc0e1b62d2481
Opcode Fuzzy Hash: 9c195b0c2df08c9c40ff66a22985b34e1dffe551b54e7d2d28241e713db55a78
Instruction Fuzzy Hash:

Function 0068781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 0068798B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 80f3ab037543d3c0620c48352130ffa09dc034d6cbefb6a4dbc5fa1728035918
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 495199A160C6055BDF38B528889D7FE279B9B12340F38072AD986D7382DA11DE42D35A

Function 006D2046 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

0&s, xrefs: 006D2053

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: 0&s
API String ID: 0-3522731808
Opcode ID: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
Instruction ID: 11520940bea662c5b2866d5c90151b7292761e73c7435f0075e674154fff762f
Opcode Fuzzy Hash: ec39bbefbc42790704da8463545af7066556845b396b074f8cae5cc951e3df70
Instruction Fuzzy Hash: AB21DD327215118BD728CF79C82367E73E5A764310F15862EE4A7C37D1DE3AA904C784

Function 00696DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
Instruction ID: 489559295b3dec4d8216d1d8e76a449bf599d5f9e97784cca8087ca46797c61f
Opcode Fuzzy Hash: 5a0e8b95e5771799dfb5a07cd701a98de7685bf693f0febbc61a089623f0fbc2
Instruction Fuzzy Hash: 54320222D39F018DDB279634C826335628EAFB73D5F15D727E81AB5EA6EF29C4834104

Function 0067CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 764c20bf2398be85612cf27ecf86fa526a6e073e085e0c18b099073a69a9ef8e
Instruction ID: 01ef1e2208f366fab06cbf131d405d9d005c7661af0eb56e49feca714357aa6e
Opcode Fuzzy Hash: 764c20bf2398be85612cf27ecf86fa526a6e073e085e0c18b099073a69a9ef8e
Instruction Fuzzy Hash: 9232F5B1A001158BDF39CF28C494AFD7BA3EB45330F28866AD4599B391D634DEC2DB50

Function 00667920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87bb2e2260174a58c8a6a09f5e5108a6c64b0fd8986543086c0412ec51f87a6
Instruction ID: 4f364e5e251224baf342bd4a386e4479421b25c2bbb3651ad5cef2fa426203b2
Opcode Fuzzy Hash: c87bb2e2260174a58c8a6a09f5e5108a6c64b0fd8986543086c0412ec51f87a6
Instruction Fuzzy Hash: 0A229E70A04609AFDF14DFA4C881AEEB3F7FF49304F244629E816A7291EB35AD15CB54

Function 006691C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b085a68e0d442f66dcfffa5b421ec0cd69b1f86b006a0177eb44ccf0c14df7b
Instruction ID: e35d0873c5cd5cd5df9fd945a59b0a58b0e7197f9fedd4d4ebb08ac3cd83718e
Opcode Fuzzy Hash: 9b085a68e0d442f66dcfffa5b421ec0cd69b1f86b006a0177eb44ccf0c14df7b
Instruction Fuzzy Hash: 8C02A6B0A10105EBDB14EF54D981AAEB7B6FF45300F208169E816DB391EB35AE11CF95

Function 00699EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e97a342f394f8eb914ff84a05b1941477f02fcf49280d8f5a0436fc2b124d5
Instruction ID: cf2c6ebe149b717006aedada83caf0baf4c7419b8e7114276cfbde14ae1da8ea
Opcode Fuzzy Hash: e6e97a342f394f8eb914ff84a05b1941477f02fcf49280d8f5a0436fc2b124d5
Instruction Fuzzy Hash: 5BB1EF20D2AF408DD62396398871336F69CAFBB6D5F91D31BFC2674D62EF2686834144

Function 00681C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 92efa66387a5d8e3772ad5ded823a426d4a2c1fe4e5cd0eab3cdf05f7531f8a6
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 489187726080A34ADB29563E85341BEFFE65E933A131A079DD4F2CE2C1FE24C956D720

Function 00681F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 731be889d2cb7cae0d93862906ca126db98d6e6753d32c6c01aeac91b55447db
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 2E9186726080A34EDB69523A847807EFFE35A923A131A079DD5F2CF2C5EE24C565E720

Function 006819B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: c6a00f8fefc83276aaf7e005eb89b6aeac8f4d82ca3d5a6ac2f100f19d547ab3
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 049184722090E34ADB2D567A857407DFFEA5A933A231A079ED4F2CE2C1FE14C656D720

Function 00687A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69126f1162fd8c2e9f4d8ddbeac2a66ab9fb71c72fff23dad7b1eca5ac62852
Instruction ID: 61d35df3f994bc9a66b502874466f9db527002d4e3635a3ab4e59db9f9794505
Opcode Fuzzy Hash: c69126f1162fd8c2e9f4d8ddbeac2a66ab9fb71c72fff23dad7b1eca5ac62852
Instruction Fuzzy Hash: FF6169712087099ADE78BE288D95BFE6397DF51700F740B1DE842DB381DA11DE42C369

Function 00687CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2cccb976eed2e9254f22e2c2a2df4c95c675033989536a06b137c5cd472bd77
Instruction ID: fcb4280b8f10df04a59c49fea9791b6a644dc909d6b1041aba5124b9a144599a
Opcode Fuzzy Hash: a2cccb976eed2e9254f22e2c2a2df4c95c675033989536a06b137c5cd472bd77
Instruction Fuzzy Hash: 0A61793120870996DE38BA289859BFE6397AF42744F301B5DE942DB381EA52ED428359

Function 00681706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 1a09e913bffb570f35d804513104e3ded2b7a174478b9ebeb0df4501af2636ef
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 6D8197726080A30ADB2D523A85354BEFFE75A933A131A079DD4F2CF2C1EE24C656D720

Function 0067D064 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a211b3e522018b24227d01d5ae69075bf535523e0d3b73ed2ef30ffa05330d27
Instruction ID: a452aa31eb8929d6da348a950abb6b5a8dbd180516c7894ca1d1a794f425845a
Opcode Fuzzy Hash: a211b3e522018b24227d01d5ae69075bf535523e0d3b73ed2ef30ffa05330d27
Instruction Fuzzy Hash: 7F6180725496819FDB0ACF20C9D2480FFA8FEA3A10308D6DECD458F1AED765D604CB61

Function 006E2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 006E2B30
DeleteObject.GDI32(00000000), ref: 006E2B43
DestroyWindow.USER32 ref: 006E2B52
GetDesktopWindow.USER32 ref: 006E2B6D
GetWindowRect.USER32(00000000), ref: 006E2B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 006E2CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 006E2CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2CF8
GetClientRect.USER32(00000000,?), ref: 006E2D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 006E2D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D80
GlobalLock.KERNEL32(00000000), ref: 006E2D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2D98
GlobalUnlock.KERNEL32(00000000), ref: 006E2DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2DA8
GlobalFree.KERNEL32(00000000), ref: 006E2DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,006FFC38,00000000), ref: 006E2DDB
GlobalFree.KERNEL32(00000000), ref: 006E2DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 006E2E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 006E2E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E2E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 006E303F

Strings

, xrefs: 006E2FC5
static, xrefs: 006E2D3A, 006E2E91
AutoIt v3, xrefs: 006E2CF2
DISPLAY, xrefs: 006E2EA2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: d762f7f55d4609477f7b98a22b2a1989e1e9837c157dcd96aad17ca1dcb4547a
Instruction ID: d3c20db473aa080b5c8d613a7e81fb08a0521846211b3234b1ee9ee201aec02b
Opcode Fuzzy Hash: d762f7f55d4609477f7b98a22b2a1989e1e9837c157dcd96aad17ca1dcb4547a
Instruction Fuzzy Hash: 44028C71900209EFDB14DF65CD89EAE7BBAFF48725F008158F915AB2A1DB74AD01CB60

Function 006F70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 006F712F
GetSysColorBrush.USER32(0000000F), ref: 006F7160
GetSysColor.USER32(0000000F), ref: 006F716C
SetBkColor.GDI32(?,000000FF), ref: 006F7186
SelectObject.GDI32(?,?), ref: 006F7195
InflateRect.USER32(?,000000FF,000000FF), ref: 006F71C0
GetSysColor.USER32(00000010), ref: 006F71C8
CreateSolidBrush.GDI32(00000000), ref: 006F71CF
FrameRect.USER32(?,?,00000000), ref: 006F71DE
DeleteObject.GDI32(00000000), ref: 006F71E5
InflateRect.USER32(?,000000FE,000000FE), ref: 006F7230
FillRect.USER32(?,?,?), ref: 006F7262
GetWindowLongW.USER32(?,000000F0), ref: 006F7284

Part of subcall function 006F73E8: GetSysColor.USER32(00000012), ref: 006F7421
Part of subcall function 006F73E8: SetTextColor.GDI32(?,?), ref: 006F7425
Part of subcall function 006F73E8: GetSysColorBrush.USER32(0000000F), ref: 006F743B
Part of subcall function 006F73E8: GetSysColor.USER32(0000000F), ref: 006F7446
Part of subcall function 006F73E8: GetSysColor.USER32(00000011), ref: 006F7463
Part of subcall function 006F73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 006F7471
Part of subcall function 006F73E8: SelectObject.GDI32(?,00000000), ref: 006F7482
Part of subcall function 006F73E8: SetBkColor.GDI32(?,00000000), ref: 006F748B
Part of subcall function 006F73E8: SelectObject.GDI32(?,?), ref: 006F7498
Part of subcall function 006F73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 006F74B7
Part of subcall function 006F73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006F74CE
Part of subcall function 006F73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 006F74DB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: a7eb334f3e554dc01fb4f4ed4cfce9f1b7b2b32e4d6cfa4d91695df8667e8909
Instruction ID: d2fdf6a60322e6b038fa62364eae7b03bcf4605200a35a79c43960fda503d83f
Opcode Fuzzy Hash: a7eb334f3e554dc01fb4f4ed4cfce9f1b7b2b32e4d6cfa4d91695df8667e8909
Instruction Fuzzy Hash: ABA19D72008309AFDB00DF64DD48EBB7BAAFB89330F101A19FA62961E1D771E955CB51

Function 00678D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00678E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 006B6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 006B6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 006B6F43

Part of subcall function 00678F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00678BE8,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678FC5

SendMessageW.USER32(?,00001053), ref: 006B6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 006B6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 006B6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 006B6FB7

Strings

0, xrefs: 006B6DCF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 5f0ee86181aae7d3a0a254ec8fca5f79cd945d65dfd684ddbbfa14322e269bff
Instruction ID: 44e04e5590c604376e266820da798615e0bdcdfb783c1527a444181b990b7da8
Opcode Fuzzy Hash: 5f0ee86181aae7d3a0a254ec8fca5f79cd945d65dfd684ddbbfa14322e269bff
Instruction Fuzzy Hash: C712AB70604245DFDB25CF24C958BFABBA7FB44310F548469F5898B261CB3AEC92CB51

Function 006E2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 006E273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006E286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 006E28A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 006E28B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 006E2900
GetClientRect.USER32(00000000,?), ref: 006E290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 006E2955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006E2964
GetStockObject.GDI32(00000011), ref: 006E2974
SelectObject.GDI32(00000000,00000000), ref: 006E2978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 006E2988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 006E2991
DeleteDC.GDI32(00000000), ref: 006E299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006E29C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 006E29DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 006E2A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006E2A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 006E2A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 006E2A77
GetStockObject.GDI32(00000011), ref: 006E2A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 006E2A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 006E2A97

Strings

msctls_progress32, xrefs: 006E2A13
static, xrefs: 006E294F, 006E2A71
AutoIt v3, xrefs: 006E28F8
DISPLAY, xrefs: 006E295A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 67dc135ee67e6ea2b788f4e85d619b5af93edb2755647ff7fa94883cc2b411a5
Instruction ID: 8f5aa6b446fa48e6d7bb5c7bde5de0127f5cccee6a65b92b7c1861c9e98f5d30
Opcode Fuzzy Hash: 67dc135ee67e6ea2b788f4e85d619b5af93edb2755647ff7fa94883cc2b411a5
Instruction Fuzzy Hash: 86B17E71A00209AFEB14DFA9CD45FAF7BAAEB08711F008159F915E7290D774ED40CBA4

Function 006D4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 006D4AED
GetDriveTypeW.KERNEL32(?,006FCB68,?,\\.\,006FCC08), ref: 006D4BCA
SetErrorMode.KERNEL32(00000000,006FCB68,?,\\.\,006FCC08), ref: 006D4D36

Strings

Unknown, xrefs: 006D4BED, 006D4C83
\\.\, xrefs: 006D4B3F
Fixed, xrefs: 006D4C09
ATA, xrefs: 006D4C98
iSCSI, xrefs: 006D4CC2
SAS, xrefs: 006D4CC9
SCSI, xrefs: 006D4C8A
MMC, xrefs: 006D4CDE
SSA, xrefs: 006D4CA6
Fibre, xrefs: 006D4CAD
Network, xrefs: 006D4C02
USB, xrefs: 006D4CB4
RAID, xrefs: 006D4CBB
FileBackedVirtual, xrefs: 006D4CEC
1394, xrefs: 006D4C9F
SATA, xrefs: 006D4CD0
PhysicalDrive, xrefs: 006D4B76
Virtual, xrefs: 006D4CE5
SSD, xrefs: 006D4C4A
ATAPI, xrefs: 006D4C91
CDROM, xrefs: 006D4BFB
Removable, xrefs: 006D4C10, 006D4C15
RAMDisk, xrefs: 006D4BF4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 98d6ed505ef9a724aa562d60df91f821bc944266cf6c276cc4a836479132f576
Instruction ID: 19ad130a7e6530079cad3ab029906c2da86a98e28071a035b36a3f49f5825c9f
Opcode Fuzzy Hash: 98d6ed505ef9a724aa562d60df91f821bc944266cf6c276cc4a836479132f576
Instruction Fuzzy Hash: EE61AE70B16109DBCB14DF24DA829B877B3AB44304B20842BF806AB791DF3AED42DB55

Function 006F73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 006F7421
SetTextColor.GDI32(?,?), ref: 006F7425
GetSysColorBrush.USER32(0000000F), ref: 006F743B
GetSysColor.USER32(0000000F), ref: 006F7446
CreateSolidBrush.GDI32(?), ref: 006F744B
GetSysColor.USER32(00000011), ref: 006F7463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 006F7471
SelectObject.GDI32(?,00000000), ref: 006F7482
SetBkColor.GDI32(?,00000000), ref: 006F748B
SelectObject.GDI32(?,?), ref: 006F7498
InflateRect.USER32(?,000000FF,000000FF), ref: 006F74B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 006F74CE
GetWindowLongW.USER32(00000000,000000F0), ref: 006F74DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 006F752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 006F7554
InflateRect.USER32(?,000000FD,000000FD), ref: 006F7572
DrawFocusRect.USER32(?,?), ref: 006F757D
GetSysColor.USER32(00000011), ref: 006F758E
SetTextColor.GDI32(?,00000000), ref: 006F7596
DrawTextW.USER32(?,006F70F5,000000FF,?,00000000), ref: 006F75A8
SelectObject.GDI32(?,?), ref: 006F75BF
DeleteObject.GDI32(?), ref: 006F75CA
SelectObject.GDI32(?,?), ref: 006F75D0
DeleteObject.GDI32(?), ref: 006F75D5
SetTextColor.GDI32(?,?), ref: 006F75DB
SetBkColor.GDI32(?,?), ref: 006F75E5

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 74bd72ed2ff7129b1aca7995f6346de612bf42b90af09174dae2ab7d332530b2
Instruction ID: 703faf68eeb949353fe819fe4e4e46af36ca3bf817fdf1f5f28d00e8f1a7436d
Opcode Fuzzy Hash: 74bd72ed2ff7129b1aca7995f6346de612bf42b90af09174dae2ab7d332530b2
Instruction Fuzzy Hash: CE615B7290421CAFDF01DFA8DD49EEEBFBAEB09320F115115FA15AB2A1D7709950CB90

Function 006F0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 006F1128
GetDesktopWindow.USER32 ref: 006F113D
GetWindowRect.USER32(00000000), ref: 006F1144
GetWindowLongW.USER32(?,000000F0), ref: 006F1199
DestroyWindow.USER32(?), ref: 006F11B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 006F11ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006F121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 006F1232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 006F1245
IsWindowVisible.USER32(00000000), ref: 006F12A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 006F12BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 006F12D0
GetWindowRect.USER32(00000000,?), ref: 006F12E8
MonitorFromPoint.USER32(?,?,00000002), ref: 006F130E
GetMonitorInfoW.USER32(00000000,?), ref: 006F1328
CopyRect.USER32(?,?), ref: 006F133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 006F13AA

Strings

tooltips_class32, xrefs: 006F11E6
0, xrefs: 006F10D3
(, xrefs: 006F131B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 1b0b70271bfe43185353fd43e4c9f3ceb1fd28682edd5599ab39784c8ceffd61
Instruction ID: 553c2dfae68c8620eff3ec939314f8cd452956053f35e976ffe00d65ac848f7a
Opcode Fuzzy Hash: 1b0b70271bfe43185353fd43e4c9f3ceb1fd28682edd5599ab39784c8ceffd61
Instruction Fuzzy Hash: 3FB19C71608345EFD740DF64C984BAABBE6FF85350F00891CFA999B261CB71E844CB95

Function 00678891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00678968
GetSystemMetrics.USER32(00000007), ref: 00678970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0067899B
GetSystemMetrics.USER32(00000008), ref: 006789A3
GetSystemMetrics.USER32(00000004), ref: 006789C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006789E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006789F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00678A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00678A3C
GetClientRect.USER32(00000000,000000FF), ref: 00678A5A
GetStockObject.GDI32(00000011), ref: 00678A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00678A81

Part of subcall function 0067912D: GetCursorPos.USER32(?), ref: 00679141
Part of subcall function 0067912D: ScreenToClient.USER32(00000000,?), ref: 0067915E
Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000001), ref: 00679183
Part of subcall function 0067912D: GetAsyncKeyState.USER32(00000002), ref: 0067919D

SetTimer.USER32(00000000,00000000,00000028,006790FC), ref: 00678AA8

Strings

AutoIt v3 GUI, xrefs: 00678A20

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: e9cd7d8360fed1288154dfa3d267cd482530a91fd7d0b73ad7765794648f813d
Instruction ID: 8c93ee1536ebd07f5f6a4ca632c6c6710db086ef4fcaaaa65afd16255850ccb0
Opcode Fuzzy Hash: e9cd7d8360fed1288154dfa3d267cd482530a91fd7d0b73ad7765794648f813d
Instruction Fuzzy Hash: 01B17C71A402099FDB14DFA8CD49BEE3BB6FB48325F118129FA19A7290DB34E841CF55

Function 006C0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
Part of subcall function 006C10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
Part of subcall function 006C10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
Part of subcall function 006C10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
Part of subcall function 006C10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006C0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006C0E29
GetLengthSid.ADVAPI32(?), ref: 006C0E40
GetAce.ADVAPI32(?,00000000,?), ref: 006C0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006C0E96
GetLengthSid.ADVAPI32(?), ref: 006C0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 006C0EB5
HeapAlloc.KERNEL32(00000000), ref: 006C0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 006C0EDD
CopySid.ADVAPI32(00000000), ref: 006C0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006C0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006C0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 006C0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F6E
HeapFree.KERNEL32(00000000), ref: 006C0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F7E
HeapFree.KERNEL32(00000000), ref: 006C0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C0F8E
HeapFree.KERNEL32(00000000), ref: 006C0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 006C0FA1
HeapFree.KERNEL32(00000000), ref: 006C0FA8

Part of subcall function 006C1193: GetProcessHeap.KERNEL32(00000008,006C0BB1,?,00000000,?,006C0BB1,?), ref: 006C11A1
Part of subcall function 006C1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006C0BB1,?), ref: 006C11A8
Part of subcall function 006C1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006C0BB1,?), ref: 006C11B7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 375ab45a2af673f0ddeb94b674c44d34ee46c8a9b95fa3001464fa4ed95cf3a4
Instruction ID: 396223c45c60f68a56debf23652e7d7662713a8d262303a675b5a92a0561ed37
Opcode Fuzzy Hash: 375ab45a2af673f0ddeb94b674c44d34ee46c8a9b95fa3001464fa4ed95cf3a4
Instruction Fuzzy Hash: 77713C7190020AEBEF20DFA4DD44FFEBBBAFF05310F148119E929A6291D7719A55CB60

Function 006EC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EC4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,006FCC08,00000000,?,00000000,?,?), ref: 006EC544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 006EC5A4
_wcslen.LIBCMT ref: 006EC5F4
_wcslen.LIBCMT ref: 006EC66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 006EC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 006EC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 006EC84D
RegCloseKey.ADVAPI32(?), ref: 006EC881
RegCloseKey.ADVAPI32(00000000), ref: 006EC88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 006EC960

Strings

REG_MULTI_SZ, xrefs: 006EC6F5
REG_SZ, xrefs: 006EC644
REG_BINARY, xrefs: 006EC913
REG_DWORD, xrefs: 006EC804
REG_EXPAND_SZ, xrefs: 006EC5CD
REG_QWORD, xrefs: 006EC8C3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 38d818b72c04e19c806d4e8e16cbf4078ed44eea80d5517125f467d78b89a540
Instruction ID: 1f21341f312efa1acf1730f6ef3df1f71f26b5593dd17fdeffe3f75fefec69e2
Opcode Fuzzy Hash: 38d818b72c04e19c806d4e8e16cbf4078ed44eea80d5517125f467d78b89a540
Instruction Fuzzy Hash: 3E127B356043419FD754DF15C881A6AB7E6FF88724F14889DF88A9B3A2DB31EC42CB85

Function 006F091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 006F09C6
_wcslen.LIBCMT ref: 006F0A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006F0A54
_wcslen.LIBCMT ref: 006F0A8A
_wcslen.LIBCMT ref: 006F0B06
_wcslen.LIBCMT ref: 006F0B81

Part of subcall function 0067F9F2: _wcslen.LIBCMT ref: 0067F9FD

Part of subcall function 006C2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006C2BFA

Strings

UNCHECK, xrefs: 006F0D3E
CHECK, xrefs: 006F0A85, 006F0AA0
GETSELECTED, xrefs: 006F0C4E
EXISTS, xrefs: 006F0B7C, 006F0B97
ISCHECKED, xrefs: 006F0CE1
EXPAND, xrefs: 006F0BF8
GETITEMCOUNT, xrefs: 006F0C1E
COLLAPSE, xrefs: 006F0B01, 006F0B1C
SELECT, xrefs: 006F0D11
GETTOTALCOUNT, xrefs: 006F09F2, 006F0A17
GETTEXT, xrefs: 006F0C97

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 15d20a995720b020964132304429bafdf0c38d9df9339c9fc5fdd4cac617b6b7
Instruction ID: 63d9486fe608ef5181322b35cdf47fce1ee1fdd44b8f67cbff0beb37b6b3514a
Opcode Fuzzy Hash: 15d20a995720b020964132304429bafdf0c38d9df9339c9fc5fdd4cac617b6b7
Instruction Fuzzy Hash: EFE187352083059FCB54DF24C45097AB7E3BF98318B10899DF99A9B3A2DB31ED46CB81

Function 006EC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
_wcslen.LIBCMT ref: 006EC9F1
_wcslen.LIBCMT ref: 006ECA68
_wcslen.LIBCMT ref: 006ECA9E
_wcslen.LIBCMT ref: 006ECAF9
_wcslen.LIBCMT ref: 006ECB2F
_wcslen.LIBCMT ref: 006ECB7F

Strings

HKEY_CURRENT_CONFIG, xrefs: 006ECB79, 006ECB7E
HKCU, xrefs: 006ECBCE
HKCR, xrefs: 006ECB29, 006ECB2E
HKEY_CURRENT_USER, xrefs: 006ECBBD
HKEY_CLASSES_ROOT, xrefs: 006ECAF3, 006ECAF8
HKEY_LOCAL_MACHINE, xrefs: 006ECA62, 006ECA67
HKLM, xrefs: 006ECA98, 006ECA9D
HKEY_USERS, xrefs: 006ECBDF
HKU, xrefs: 006ECBF0
HKCC, xrefs: 006ECBAC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 4893947def8dfc29066c4416f24ea2cb1ce913dcc0851554be8f20d2c8b1aadf
Instruction ID: fbd9a34d8e185c26e214d04df074ef2dcc58805666c8266adfcbffac58379b73
Opcode Fuzzy Hash: 4893947def8dfc29066c4416f24ea2cb1ce913dcc0851554be8f20d2c8b1aadf
Instruction Fuzzy Hash: F471F6326013AA8BCB20DE7ED9515FE33A7AB60774B214538F86697384E635CD47C7A0

Function 006F833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006F835A
_wcslen.LIBCMT ref: 006F836E
_wcslen.LIBCMT ref: 006F8391
_wcslen.LIBCMT ref: 006F83B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 006F83F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,006F361A,?), ref: 006F844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006F8487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 006F84CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 006F8501
FreeLibrary.KERNEL32(?), ref: 006F850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006F851D
DestroyIcon.USER32(?), ref: 006F852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 006F8549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 006F8555

Strings

.exe, xrefs: 006F8388
.icl, xrefs: 006F8368
.dll, xrefs: 006F83AB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: b3d43897269b1dd69b6bc3b276b7a5ce77fd53924cdba78f16d9acea2c2f09ef
Instruction ID: 009b165381b1e0cfdecd12b13a6fdf4923e426edfec39e7457a8f754474cc641
Opcode Fuzzy Hash: b3d43897269b1dd69b6bc3b276b7a5ce77fd53924cdba78f16d9acea2c2f09ef
Instruction Fuzzy Hash: 7761AE7290021ABEEB14DF64CC45BFE77AABB08721F10464AFA15D71D1DF74AA90C7A0

Function 00667778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#pragma compile, xrefs: 006677D3
Bad directive syntax error, xrefs: 006A519A
#comments-end, xrefs: 006678D9
#requireadmin, xrefs: 006677FF
#ce, xrefs: 006678ED
#cs, xrefs: 00667873, 006678C5
#comments-start, xrefs: 0066785F, 006678B1
#notrayicon, xrefs: 006677E7
#include, xrefs: 00667847
Cannot parse #include, xrefs: 006A5279
', xrefs: 006A5169
#include-once, xrefs: 0066782F
", xrefs: 006A5153
#OnAutoItStartRegister, xrefs: 00667817
Unterminated group of comments, xrefs: 006A528C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 690d879c8db1b899b65d54869ea184291579d62ec67094193400039db2e8e49a
Instruction ID: 8e6cefca8c987e793700d91689853709e4e0850c758a1ad8a504342669430f60
Opcode Fuzzy Hash: 690d879c8db1b899b65d54869ea184291579d62ec67094193400039db2e8e49a
Instruction Fuzzy Hash: 6A81A471644205BBDB60BF60DC46FBA3BABAF15304F144029F905AB296EB70DD11CBA9

Function 006D3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 006D3EF8
_wcslen.LIBCMT ref: 006D3F03
_wcslen.LIBCMT ref: 006D3F5A
_wcslen.LIBCMT ref: 006D3F98
GetDriveTypeW.KERNEL32(?), ref: 006D3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006D401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006D4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006D4087

Strings

set cd door , xrefs: 006D4028
open, xrefs: 006D3F54, 006D3F59
close cd wait, xrefs: 006D4072
close, xrefs: 006D3EFE, 006D3F18
type cdaudio alias cd wait, xrefs: 006D4001
open , xrefs: 006D3FE5
wait, xrefs: 006D4044
closed, xrefs: 006D3F08, 006D3F2D, 006D3F46, 006D3F7E, 006D3F97

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: efbebfeced2860bbfe46ef30a1b26e45e8e3aaf23478f1b8a079b244df5116a2
Instruction ID: c1c202e0b9852314f8c409b69fb89d26fe784e6e32553ae425353e2bda0bf806
Opcode Fuzzy Hash: efbebfeced2860bbfe46ef30a1b26e45e8e3aaf23478f1b8a079b244df5116a2
Instruction Fuzzy Hash: BC71F4729042259FC710EF24C8808AAB7F6EF94768F10492EF89597351EB30ED45CB92

Function 006C5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 006C5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006C5A40
SetWindowTextW.USER32(?,?), ref: 006C5A57
GetDlgItem.USER32(?,000003EA), ref: 006C5A6C
SetWindowTextW.USER32(00000000,?), ref: 006C5A72
GetDlgItem.USER32(?,000003E9), ref: 006C5A82
SetWindowTextW.USER32(00000000,?), ref: 006C5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006C5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006C5AC3
GetWindowRect.USER32(?,?), ref: 006C5ACC
_wcslen.LIBCMT ref: 006C5B33
SetWindowTextW.USER32(?,?), ref: 006C5B6F
GetDesktopWindow.USER32 ref: 006C5B75
GetWindowRect.USER32(00000000), ref: 006C5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 006C5BD3
GetClientRect.USER32(?,?), ref: 006C5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 006C5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006C5C2F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: f657bfa665cb0778b37d97e1c390755165e453cd6c69f3248b0ce7d895ac2dc3
Instruction ID: a4de8e3465eeefc83e911615cc9dd15b6e437a97f23bc55847c564f6e58694c9
Opcode Fuzzy Hash: f657bfa665cb0778b37d97e1c390755165e453cd6c69f3248b0ce7d895ac2dc3
Instruction Fuzzy Hash: AC714931900B09AFDB20DFA9CE95FBEBBF6EB48714F10451CE142A26A0D775B984CB50

Function 006DFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 006DFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 006DFE32
LoadCursorW.USER32(00000000,00007F00), ref: 006DFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 006DFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 006DFE53
LoadCursorW.USER32(00000000,00007F01), ref: 006DFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 006DFE69
LoadCursorW.USER32(00000000,00007F88), ref: 006DFE74
LoadCursorW.USER32(00000000,00007F80), ref: 006DFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 006DFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 006DFE95
LoadCursorW.USER32(00000000,00007F85), ref: 006DFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 006DFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 006DFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 006DFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 006DFECC
GetCursorInfo.USER32(?), ref: 006DFEDC
GetLastError.KERNEL32 ref: 006DFF1E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 37b742840a5ce9d97eb6847b182058e75955597eaec83f0aefe5e218cb942cec
Instruction ID: cf3372d300fa8911ad1c4f10d68f07a4b209fcebb48de712e6120ff7dd760ecf
Opcode Fuzzy Hash: 37b742840a5ce9d97eb6847b182058e75955597eaec83f0aefe5e218cb942cec
Instruction Fuzzy Hash: 9A4124B0D04319AADB109FBA9C8586EBFE9FF04754B50452AF11DE7381DB789901CE91

Function 006C30F7 Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006C318D
_wcslen.LIBCMT ref: 006C31F8

Strings

INSTANCE, xrefs: 006C3453
TEXT, xrefs: 006C347C
NAME, xrefs: 006C3335, 006C3346
CLASSNN, xrefs: 006C31F3, 006C3204
REGEXPCLASS, xrefs: 006C3255, 006C3266
CLASS, xrefs: 006C3188, 006C31A5
[r, xrefs: 006C339A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[r
API String ID: 176396367-1580549998
Opcode ID: 87e1122eb308672ed6f7bfe6ccbccfcdea48d123e3d6df937b5edb4c823deba3
Instruction ID: 1f33650f3369bbc4fd61f5b8ecc86c0b3707a6cb499e89d5f391efb1dba3dbd3
Opcode Fuzzy Hash: 87e1122eb308672ed6f7bfe6ccbccfcdea48d123e3d6df937b5edb4c823deba3
Instruction Fuzzy Hash: 26E19231A00536AACB589FA8C451FFDBBA6FF54710F54C22EE456A7340DB30AF458790

Function 006800C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006800C6

Part of subcall function 006800ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0073070C,00000FA0,7637C5CB,?,?,?,?,006A23B3,000000FF), ref: 0068011C
Part of subcall function 006800ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006A23B3,000000FF), ref: 00680127
Part of subcall function 006800ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006A23B3,000000FF), ref: 00680138
Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0068014E
Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0068015C
Part of subcall function 006800ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0068016A
Part of subcall function 006800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00680195
Part of subcall function 006800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006801A0

___scrt_fastfail.LIBCMT ref: 006800E7

Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9

Strings

InitializeConditionVariable, xrefs: 00680148
SleepConditionVariableCS, xrefs: 00680154
kernel32.dll, xrefs: 00680133
WakeAllConditionVariable, xrefs: 00680162
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00680122

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 80ae9084047e2819dbaf0ab78e717d73db14e970f3126e14e43acb735908b9a7
Instruction ID: 79bdd7655274992b7b49802b7909ed9dd4d44a24b9c21a067ce00314ef9f83f7
Opcode Fuzzy Hash: 80ae9084047e2819dbaf0ab78e717d73db14e970f3126e14e43acb735908b9a7
Instruction Fuzzy Hash: 892129326407096BFB607BB4AC0AB7D3397DF45B71F114A39F941A2391DB649C08CB94

Function 006D44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,006FCC08), ref: 006D4527
_wcslen.LIBCMT ref: 006D453B
_wcslen.LIBCMT ref: 006D4599
_wcslen.LIBCMT ref: 006D45F4
_wcslen.LIBCMT ref: 006D463F
_wcslen.LIBCMT ref: 006D46A7

Part of subcall function 0067F9F2: _wcslen.LIBCMT ref: 0067F9FD

GetDriveTypeW.KERNEL32(?,00726BF0,00000061), ref: 006D4743

Strings

ramdisk, xrefs: 006D46F1
fixed, xrefs: 006D4635, 006D463A
all, xrefs: 006D4531, 006D4536
cdrom, xrefs: 006D458F, 006D4594
unknown, xrefs: 006D4708
network, xrefs: 006D469D, 006D46A2
removable, xrefs: 006D45EA, 006D45EF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: b442dba4d3964d5202eaa417bf0f565e62148cacfca4ae04bdf96091ba052603
Instruction ID: 1129a3ef3ee5fa424cd6cfdc975cc9e0dcfe8f0ec878e43d8a84fd50ad2f7cca
Opcode Fuzzy Hash: b442dba4d3964d5202eaa417bf0f565e62148cacfca4ae04bdf96091ba052603
Instruction Fuzzy Hash: 41B1E171A083429FC710DF28D890ABAB7E6AFA5760F50491EF596C7391DB30DC45CBA2

Function 006F911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

DragQueryPoint.SHELL32(?,?), ref: 006F9147

Part of subcall function 006F7674: ClientToScreen.USER32(?,?), ref: 006F769A
Part of subcall function 006F7674: GetWindowRect.USER32(?,?), ref: 006F7710
Part of subcall function 006F7674: PtInRect.USER32(?,?,006F8B89), ref: 006F7720

SendMessageW.USER32(?,000000B0,?,?), ref: 006F91B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 006F91BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 006F91DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 006F9225
SendMessageW.USER32(?,000000B0,?,?), ref: 006F923E
SendMessageW.USER32(?,000000B1,?,?), ref: 006F9255
SendMessageW.USER32(?,000000B1,?,?), ref: 006F9277
DragFinish.SHELL32(?), ref: 006F927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 006F9371

Strings

p#s, xrefs: 006F92BB
@GUI_DROPID, xrefs: 006F929E
@GUI_DRAGFILE, xrefs: 006F9320
@GUI_DRAGID, xrefs: 006F92E9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#s
API String ID: 221274066-3108310235
Opcode ID: 6fc3db1150b3248ac5acd8d3b3a7548fbacb3f0ec29deb5952876d2f851d392d
Instruction ID: c818e4878b6dffb5735a9046861d35bbda1341e58d8ad30b3324d5d5529737dc
Opcode Fuzzy Hash: 6fc3db1150b3248ac5acd8d3b3a7548fbacb3f0ec29deb5952876d2f851d392d
Instruction Fuzzy Hash: 08619C71108305AFD701DF60DD85EAFBBEAEF89760F000A2DF595931A1DB309A49CB66

Function 0066326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00731990), ref: 006A2F8D
GetMenuItemCount.USER32(00731990), ref: 006A303D
GetCursorPos.USER32(?), ref: 006A3081
SetForegroundWindow.USER32(00000000), ref: 006A308A
TrackPopupMenuEx.USER32(00731990,00000000,?,00000000,00000000,00000000), ref: 006A309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006A30A9

Strings

0, xrefs: 0066327D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 2373968e8242a363cdb8bd698f1c92a4ef9bc073ffe215527de7325d87bbed54
Instruction ID: d40fc96c7f71fdb3f132ccb9e849674e00676ce960b6069a3d0ba93e5c285326
Opcode Fuzzy Hash: 2373968e8242a363cdb8bd698f1c92a4ef9bc073ffe215527de7325d87bbed54
Instruction Fuzzy Hash: 32711870684216BEEB219F28CD59FEABF6AFF01324F204206F5156A3E0C7B1AD54DB50

Function 006F6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 006F6DEB

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 006F6E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 006F6E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F6E94
DestroyWindow.USER32(?), ref: 006F6EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00660000,00000000), ref: 006F6EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 006F6EFD
GetDesktopWindow.USER32 ref: 006F6F16
GetWindowRect.USER32(00000000), ref: 006F6F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 006F6F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 006F6F4D

Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952

Strings

tooltips_class32, xrefs: 006F6E58, 006F6EDD
0, xrefs: 006F6D98

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 44fbba737c831038fb8303e25dba5fc264d3747636a07d9e938e3419fde4a074
Instruction ID: da20278df64a9c2fb40e1250cf23ed1cf1fb76b3f8c88c55173115d15208cf21
Opcode Fuzzy Hash: 44fbba737c831038fb8303e25dba5fc264d3747636a07d9e938e3419fde4a074
Instruction Fuzzy Hash: 2E715875104248AFEB21CF18D844BBABBEAFB89314F44841DFA9987261C774AD06DB15

Function 006DC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006DC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006DC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006DC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 006DC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 006DC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 006DC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006DC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006DC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 006DC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 006DC5F0
InternetCloseHandle.WININET(00000000), ref: 006DC5FB

Strings

, xrefs: 006DC575

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 4ae344b49dc3e332333839c1951de4860bd65cfe8840468bb3c312789df88204
Instruction ID: a52987b4b07467ee748cf7f1f60319d965ad5b04ca297fd3d5114a41741393bc
Opcode Fuzzy Hash: 4ae344b49dc3e332333839c1951de4860bd65cfe8840468bb3c312789df88204
Instruction Fuzzy Hash: 59514BB190020EBFDB219F65D948ABA7BFEEF48764F00451AF94596310DB30EA54DB60

Function 006F856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 006F8592
GetFileSize.KERNEL32(00000000,00000000), ref: 006F85A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 006F85AD
CloseHandle.KERNEL32(00000000), ref: 006F85BA
GlobalLock.KERNEL32(00000000), ref: 006F85C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 006F85D7
GlobalUnlock.KERNEL32(00000000), ref: 006F85E0
CloseHandle.KERNEL32(00000000), ref: 006F85E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 006F85F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,006FFC38,?), ref: 006F8611
GlobalFree.KERNEL32(00000000), ref: 006F8621
GetObjectW.GDI32(?,00000018,000000FF), ref: 006F8641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 006F8671
DeleteObject.GDI32(00000000), ref: 006F8699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 006F86AF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: c70e595e1a61d5d0aad337b20a5f9909ec608867bf88641872b2749725db9af5
Instruction ID: b16f1a4acd22d44c768a8bee7fb6df0f459d186692af9b6a080c07d4e3377a1d
Opcode Fuzzy Hash: c70e595e1a61d5d0aad337b20a5f9909ec608867bf88641872b2749725db9af5
Instruction Fuzzy Hash: 52410A75600208AFDB11DFA5DD48EBA7BBAFF8A765F104058F905E7260DB309E05DB60

Function 006D14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 006D1502
VariantCopy.OLEAUT32(?,?), ref: 006D150B
VariantClear.OLEAUT32(?), ref: 006D1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 006D15FB
VarR8FromDec.OLEAUT32(?,?), ref: 006D1657
VariantInit.OLEAUT32(?), ref: 006D1708
SysFreeString.OLEAUT32(?), ref: 006D178C
VariantClear.OLEAUT32(?), ref: 006D17D8
VariantClear.OLEAUT32(?), ref: 006D17E7
VariantInit.OLEAUT32(00000000), ref: 006D1823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 006D1625
Default, xrefs: 006D16AF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 9e59c546a8b29bfefdebc295555f81f034aa23c1870b61dd40cc1ece6b17ff0d
Instruction ID: 7c120c98f05afe1357fc652afa31bfb33e8e9e5e1b5b81d3409642a5875385ca
Opcode Fuzzy Hash: 9e59c546a8b29bfefdebc295555f81f034aa23c1870b61dd40cc1ece6b17ff0d
Instruction Fuzzy Hash: 44D1CFB1E00115EBDB109F65E885BB9B7B7BF46700F20805BE406AF390DBB8D846DB61

Function 006EB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EB6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EB772
RegDeleteValueW.ADVAPI32(?,?), ref: 006EB80A
RegCloseKey.ADVAPI32(?), ref: 006EB87E
RegCloseKey.ADVAPI32(?), ref: 006EB89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 006EB8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006EB904
RegDeleteKeyW.ADVAPI32(?,?), ref: 006EB922
FreeLibrary.KERNEL32(00000000), ref: 006EB983
RegCloseKey.ADVAPI32(00000000), ref: 006EB994

Strings

advapi32.dll, xrefs: 006EB8ED
RegDeleteKeyExW, xrefs: 006EB8FE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: d75640051a09bb4c860337a3197297e2e7548785740489ea914e13612be2f57c
Instruction ID: a783b576af87cb72d1ac4cbb157335538fe83614ec6c4c0979d8e5fc83b56bd2
Opcode Fuzzy Hash: d75640051a09bb4c860337a3197297e2e7548785740489ea914e13612be2f57c
Instruction Fuzzy Hash: 7AC18A30205341AFD714DF15C494F6ABBE6AF85318F14959CE49A8B3A2CB71EC46CB91

Function 006E255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 006E25D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 006E25E8
CreateCompatibleDC.GDI32(?), ref: 006E25F4
SelectObject.GDI32(00000000,?), ref: 006E2601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 006E266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 006E26AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 006E26D0
SelectObject.GDI32(?,?), ref: 006E26D8
DeleteObject.GDI32(?), ref: 006E26E1
DeleteDC.GDI32(?), ref: 006E26E8
ReleaseDC.USER32(00000000,?), ref: 006E26F3

Strings

(, xrefs: 006E268D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 0f92dc5fa8c7e0424d62b51df105c98856cdc594072473be2a25c9ed24f9d643
Instruction ID: f235ba4b56fa8637adc589965c8eec00527bb54c59dd3f2b4edb218ee0b94f23
Opcode Fuzzy Hash: 0f92dc5fa8c7e0424d62b51df105c98856cdc594072473be2a25c9ed24f9d643
Instruction Fuzzy Hash: 2A610275D00219EFCF04CFA8D984EAEBBBAFF48310F208529E955A7250E771A951CF64

Function 0069DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0069DAA1

Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D659
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D66B
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D67D
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D68F
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6A1
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6B3
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6C5
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6D7
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6E9
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D6FB
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D70D
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D71F
Part of subcall function 0069D63C: _free.LIBCMT ref: 0069D731

_free.LIBCMT ref: 0069DA96

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

_free.LIBCMT ref: 0069DAB8
_free.LIBCMT ref: 0069DACD
_free.LIBCMT ref: 0069DAD8
_free.LIBCMT ref: 0069DAFA
_free.LIBCMT ref: 0069DB0D
_free.LIBCMT ref: 0069DB1B
_free.LIBCMT ref: 0069DB26
_free.LIBCMT ref: 0069DB5E
_free.LIBCMT ref: 0069DB65
_free.LIBCMT ref: 0069DB82
_free.LIBCMT ref: 0069DB9A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 61bf610d69789c1248776f5c54a02fc866e4b9f4770aac6edcd554552c009b31
Instruction ID: fc824f8dbb7cbba10691eaff1bf660171cf546c4c0efa61c52f650d1e95edce4
Opcode Fuzzy Hash: 61bf610d69789c1248776f5c54a02fc866e4b9f4770aac6edcd554552c009b31
Instruction Fuzzy Hash: 09316D71604306AFEF61AA39E845B9AB7EEFF10720F51442DE448D7A91DF31AC50C764

Function 006C365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 006C369C
_wcslen.LIBCMT ref: 006C36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 006C3797
GetClassNameW.USER32(?,?,00000400), ref: 006C380C
GetDlgCtrlID.USER32(?), ref: 006C385D
GetWindowRect.USER32(?,?), ref: 006C3882
GetParent.USER32(?), ref: 006C38A0
ScreenToClient.USER32(00000000), ref: 006C38A7
GetClassNameW.USER32(?,?,00000100), ref: 006C3921
GetWindowTextW.USER32(?,?,00000400), ref: 006C395D

Strings

%s%u, xrefs: 006C3734

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 527201ab4394ffeb093c34aecfe1d46cc39d0465f8d03ec9b7cd0b6093e53e83
Instruction ID: bbc655a414635e02c71ce1f73f1924716afbac56c8e11abf4613b0454a92ec01
Opcode Fuzzy Hash: 527201ab4394ffeb093c34aecfe1d46cc39d0465f8d03ec9b7cd0b6093e53e83
Instruction Fuzzy Hash: DA91A171204616AFD719DF24C885FFAB7AAFF44350F00861DF999D2290EB30EA45CBA1

Function 006C4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 006C4994
GetWindowTextW.USER32(?,?,00000400), ref: 006C49DA
_wcslen.LIBCMT ref: 006C49EB
CharUpperBuffW.USER32(?,00000000), ref: 006C49F7
_wcsstr.LIBVCRUNTIME ref: 006C4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 006C4A64
GetWindowTextW.USER32(?,?,00000400), ref: 006C4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 006C4AE6
GetClassNameW.USER32(?,?,00000400), ref: 006C4B20
GetWindowRect.USER32(?,?), ref: 006C4B8B

Strings

ThumbnailClass, xrefs: 006C4A6F, 006C4AF1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 9ab7d33a006ae1a9c79ba18efb15f800eee3623ff9886f7e1a91185bf7f2adc0
Instruction ID: df361359e5c9a01b1da97c076e7c2a54b443417f7609a822e2061c38d8fd2012
Opcode Fuzzy Hash: 9ab7d33a006ae1a9c79ba18efb15f800eee3623ff9886f7e1a91185bf7f2adc0
Instruction Fuzzy Hash: A7919C711082099BDB04DF14C9A5FBA77EAEF84314F04846EFD859A296DF30ED45CBA1

Function 006CBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00731990,000000FF,00000000,00000030), ref: 006CBFAC
SetMenuItemInfoW.USER32(00731990,00000004,00000000,00000030), ref: 006CBFE1
Sleep.KERNEL32(000001F4), ref: 006CBFF3
GetMenuItemCount.USER32(?), ref: 006CC039
GetMenuItemID.USER32(?,00000000), ref: 006CC056
GetMenuItemID.USER32(?,-00000001), ref: 006CC082
GetMenuItemID.USER32(?,?), ref: 006CC0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 006CC10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006CC124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006CC145

Strings

0, xrefs: 006CBF3D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 7aa2825688aa8455e2b624218bd54f14866849d5f7e0b2105fc1c8ebbbd426ee
Instruction ID: 58f6ffda7fa437988e62883ec9e5c0a915adbdcdcfccea6db372ef7efc671ee3
Opcode Fuzzy Hash: 7aa2825688aa8455e2b624218bd54f14866849d5f7e0b2105fc1c8ebbbd426ee
Instruction Fuzzy Hash: B9617BB0A0024AAFDF11CF68CD88FFE7BAAEB05364F04415DE815A3291C735AD55CB60

Function 006ECC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006ECC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 006ECC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006ECD48

Part of subcall function 006ECC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 006ECCAA
Part of subcall function 006ECC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 006ECCBD
Part of subcall function 006ECC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 006ECCCF
Part of subcall function 006ECC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 006ECD05
Part of subcall function 006ECC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 006ECD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 006ECCF3

Strings

advapi32.dll, xrefs: 006ECCB8
RegDeleteKeyExW, xrefs: 006ECCC9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 65bd119eeeb97be1d2e55e72af8b2e499a78a30d97ac7bc75aa2e04c4925d437
Instruction ID: 19c60e67e2da3a44ccb8c03b4cf3ffb1ea8553a070b415dbd5ccfa69c7ff165c
Opcode Fuzzy Hash: 65bd119eeeb97be1d2e55e72af8b2e499a78a30d97ac7bc75aa2e04c4925d437
Instruction Fuzzy Hash: 7F318F7190222DBBDB208B55DD88EFFBB7EEF45760F000165B905E2240DB349A46DAA0

Function 006D3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006D3D40
_wcslen.LIBCMT ref: 006D3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 006D3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006D3DBE
RemoveDirectoryW.KERNEL32(?), ref: 006D3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006D3E55
CloseHandle.KERNEL32(00000000), ref: 006D3E60
CloseHandle.KERNEL32(00000000), ref: 006D3E6B

Strings

\, xrefs: 006D3D77
\??\%s, xrefs: 006D3D5B
:, xrefs: 006D3D82

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: ad4988f3518fdf7de799a7308f15e00046d32636143354ae3c9ba46ed11247f1
Instruction ID: 5c1da3339864fe3913b8a80b49572ef93c2cfe93aabe8088fe2761a624a0a737
Opcode Fuzzy Hash: ad4988f3518fdf7de799a7308f15e00046d32636143354ae3c9ba46ed11247f1
Instruction Fuzzy Hash: 2D319272900219ABDB209BA0DC49FEB37BEEF89750F1041B6F609D6250E7749744CF65

Function 006CE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 006CE6B4

Part of subcall function 0067E551: timeGetTime.WINMM(?,?,006CE6D4), ref: 0067E555

Sleep.KERNEL32(0000000A), ref: 006CE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 006CE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006CE727
SetActiveWindow.USER32 ref: 006CE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006CE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 006CE773
Sleep.KERNEL32(000000FA), ref: 006CE77E
IsWindow.USER32 ref: 006CE78A
EndDialog.USER32(00000000), ref: 006CE79B

Strings

BUTTON, xrefs: 006CE719

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 4169c924e00444d4c0336161cb01f4cbbd18f1c138b29196334fb3696a2decdf
Instruction ID: 7f94123533b3c90a916c162e33e576cf25b202f52dcf835f5fe7f33f7c42780d
Opcode Fuzzy Hash: 4169c924e00444d4c0336161cb01f4cbbd18f1c138b29196334fb3696a2decdf
Instruction Fuzzy Hash: 60218771340608EFFB005F61ED8AF353B7BFB54759B10A429F405C1662DB76AC11DA28

Function 006CE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 006CEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 006CEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006CEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 006CEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 006CEAA7

Strings

status PlayMe mode, xrefs: 006CEA58
alias PlayMe, xrefs: 006CEA36
play PlayMe, xrefs: 006CEAA2
close PlayMe, xrefs: 006CEA6E, 006CEA9B
open , xrefs: 006CEA0C
play PlayMe wait, xrefs: 006CEA91

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 5f36abe8043f790d4fce476f78190c87bc8ed329272f46efb6cb1b4c6a51ca0b
Instruction ID: acdd9b0586d9cc63720f9964d0258aeeef8c40954156cad4d884e1127e61e8d4
Opcode Fuzzy Hash: 5f36abe8043f790d4fce476f78190c87bc8ed329272f46efb6cb1b4c6a51ca0b
Instruction Fuzzy Hash: 84117071A902797DD720A7A1EC4AEFF6B7DEBD2B00F40042EB801A21D1EEB01945C9B0

Function 006C5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 006C5CE2
GetWindowRect.USER32(00000000,?), ref: 006C5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 006C5D59
GetDlgItem.USER32(?,00000002), ref: 006C5D69
GetWindowRect.USER32(00000000,?), ref: 006C5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 006C5DCF
GetDlgItem.USER32(?,000003E9), ref: 006C5DDD
GetWindowRect.USER32(00000000,?), ref: 006C5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 006C5E31
GetDlgItem.USER32(?,000003EA), ref: 006C5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 006C5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 006C5E67

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 2489ad6b36f565d1f28903b7f5a0501e8b6d376153d2d80e0929f47a04b1f12c
Instruction ID: 90772751748f9943e460157872f6c47541a0c7e2f2983de581c145c9eef3e744
Opcode Fuzzy Hash: 2489ad6b36f565d1f28903b7f5a0501e8b6d376153d2d80e0929f47a04b1f12c
Instruction Fuzzy Hash: 6E511D70A00619AFDF18CF68DD99EBEBBB6EF48310F109129F516E6290D770AE40CB50

Function 00678BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00678F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00678BE8,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678FC5

DestroyWindow.USER32(?), ref: 00678C81
KillTimer.USER32(00000000,?,?,?,?,00678BBA,00000000,?), ref: 00678D1B
DestroyAcceleratorTable.USER32(00000000), ref: 006B6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 006B69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000,?), ref: 006B69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00678BBA,00000000), ref: 006B69D4
DeleteObject.GDI32(00000000), ref: 006B69E6

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 13a870da8f38e0f27ad29eaa8256088e2b3e15590d4858ca95be56b67413506f
Instruction ID: 8a89abd78d2aa12dce18e117b6ea8a5dbe9f31a4ba4191becc60ac4fa4ae2202
Opcode Fuzzy Hash: 13a870da8f38e0f27ad29eaa8256088e2b3e15590d4858ca95be56b67413506f
Instruction Fuzzy Hash: 12617871542604DFDB229F15CA58BA5B7B3FB40322F54852CE04A9B6A0CB39ACC1CF98

Function 00679838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00679944: GetWindowLongW.USER32(?,000000EB), ref: 00679952

GetSysColor.USER32(0000000F), ref: 00679862

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 640ff9d3848806e669074ef95d87e8443103176475ffa5d1cd43a14361b41a6a
Instruction ID: c7da53652208397931a8dfbe899c96eb135e33f945ec9ebcce74ec0ff3108eed
Opcode Fuzzy Hash: 640ff9d3848806e669074ef95d87e8443103176475ffa5d1cd43a14361b41a6a
Instruction Fuzzy Hash: 184191711046449FDB209F389C84BF93BA7AB47331F188B55F9A68B2E1C7319C52DB21

Function 00698D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Strings

.h, xrefs: 0069903A, 00698FD0, 00698FF2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: .h
API String ID: 0-3939481508
Opcode ID: 8a805ea239865848f8a6e23a68552e66a27c3921b341e1f0970993b353f1eb98
Instruction ID: 9e6f22e0fd6228e0fe0353fb384a6073522870d0659bad264da883578c6b7d60
Opcode Fuzzy Hash: 8a805ea239865848f8a6e23a68552e66a27c3921b341e1f0970993b353f1eb98
Instruction Fuzzy Hash: A9C1D075904249AFDF11EFACC851BEDBBBAAF0A310F04419DE424A7792C7349A42CB75

Function 006C96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,006AF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 006C9717
LoadStringW.USER32(00000000,?,006AF7F8,00000001), ref: 006C9720

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,006AF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 006C9742
LoadStringW.USER32(00000000,?,006AF7F8,00000001), ref: 006C9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 006C9866

Strings

^ ERROR, xrefs: 006C97FB
Error: , xrefs: 006C981D
Line %d:, xrefs: 006C97A0
%s (%d) : ==> %s: %s %s, xrefs: 006C984A
Line %d (File "%s"):, xrefs: 006C978F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 416a00e75e56c702a3fb1a5ded752e748b2994b6362dd984386fc6eef74aadc9
Instruction ID: 80861d53c716062fd92df9d571a8e6329b886e5eaf657d5499f8f701a81738df
Opcode Fuzzy Hash: 416a00e75e56c702a3fb1a5ded752e748b2994b6362dd984386fc6eef74aadc9
Instruction Fuzzy Hash: 16413C72800219AADB44FBE0DE46EFE777AEF15740F20042DB50572192EA356F49CB75

Function 006C06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006C07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006C07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006C07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 006C0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 006C082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006C0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006C083C

Strings

SOFTWARE\Classes\, xrefs: 006C070E
\CLSID, xrefs: 006C0724
\IPC$, xrefs: 006C0784

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 8ffd4addc01252f0a920e9bbe41772982461a3e23cbf5996a139b6ff94c2d363
Instruction ID: ffa8f4b78d53d78eb825b59fce957e0069d925db3c56ac964eb336601b901950
Opcode Fuzzy Hash: 8ffd4addc01252f0a920e9bbe41772982461a3e23cbf5996a139b6ff94c2d363
Instruction Fuzzy Hash: 4741C372810229ABDF15EBA4DC95DFDB77AFF14750B144129E901B3261EB70AE44CBA0

Function 006E3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 006E3C5C
CoInitialize.OLE32(00000000), ref: 006E3C8A
CoUninitialize.OLE32 ref: 006E3C94
_wcslen.LIBCMT ref: 006E3D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 006E3DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 006E3ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 006E3F0E
CoGetObject.OLE32(?,00000000,006FFB98,?), ref: 006E3F2D
SetErrorMode.KERNEL32(00000000), ref: 006E3F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 006E3FC4
VariantClear.OLEAUT32(?), ref: 006E3FD8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 5f2eec88f8794532493318bc7b1b7f25508e63090eab34eb60234deb0f983b2a
Instruction ID: ad10c92c89c4ca5e8acfed48c012f6dabe020e4793d27bec0ebd442c8268fbcd
Opcode Fuzzy Hash: 5f2eec88f8794532493318bc7b1b7f25508e63090eab34eb60234deb0f983b2a
Instruction Fuzzy Hash: 1CC122716083559FD700DF69C88896ABBEAEF89744F10491DF98A9B310DB31EE06CB52

Function 006D7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 006D7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006D7B8F
SHGetDesktopFolder.SHELL32(?), ref: 006D7BA3
CoCreateInstance.OLE32(006FFD08,00000000,00000001,00726E6C,?), ref: 006D7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006D7C74
CoTaskMemFree.OLE32(?,?), ref: 006D7CCC
SHBrowseForFolderW.SHELL32(?), ref: 006D7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006D7D7A
CoTaskMemFree.OLE32(00000000), ref: 006D7D81
CoTaskMemFree.OLE32(00000000), ref: 006D7DD6
CoUninitialize.OLE32 ref: 006D7DDC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 62b8956c5aa7c9097beaf45a5f166f7eea34f00f5050f07eac86885aabf063d0
Instruction ID: b4ef5313bbbe6fecf2e9d488b42314dd00d57426fb8d8b63fc3c5088502e4d82
Opcode Fuzzy Hash: 62b8956c5aa7c9097beaf45a5f166f7eea34f00f5050f07eac86885aabf063d0
Instruction Fuzzy Hash: 95C10B75A04109AFCB14DFA4C884DAEBBFAFF48314B148499E81ADB361D730EE45CB91

Function 006F541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 006F5504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F5515
CharNextW.USER32(00000158), ref: 006F5544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 006F5585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 006F559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F55AC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 57b02550469ebd1bad5d701cd78af5f010e1151a010264e19842523055308be3
Instruction ID: e33835266cedb8aab252c2ebdf800728b3e327a547dae6f0c17b0dbd831e8438
Opcode Fuzzy Hash: 57b02550469ebd1bad5d701cd78af5f010e1151a010264e19842523055308be3
Instruction Fuzzy Hash: E7615D7490460CABDF109F54CD84AFE7BBAEB05721F108149FB26AA290D7749E81DB61

Function 006BFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 006BFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 006BFB08
VariantInit.OLEAUT32(?), ref: 006BFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 006BFB3A
VariantCopy.OLEAUT32(?,?), ref: 006BFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 006BFBA1
VariantClear.OLEAUT32(?), ref: 006BFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 006BFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006BFBCC
VariantClear.OLEAUT32(?), ref: 006BFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006BFBE9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: ccf6254f15589dd1d859594dd67d97597602d5210b2f95c3ea251715c8870b6b
Instruction ID: a05ae84e6cb310d3ed4128045548034031a608fbf9e59ee05503aafff71afb0f
Opcode Fuzzy Hash: ccf6254f15589dd1d859594dd67d97597602d5210b2f95c3ea251715c8870b6b
Instruction Fuzzy Hash: 1C413E75A00219DFCB04DFA8CC549FEBBBAFF48354F008469E945A7261CB70A985CBA0

Function 006C9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 006C9CA1
GetAsyncKeyState.USER32(000000A0), ref: 006C9D22
GetKeyState.USER32(000000A0), ref: 006C9D3D
GetAsyncKeyState.USER32(000000A1), ref: 006C9D57
GetKeyState.USER32(000000A1), ref: 006C9D6C
GetAsyncKeyState.USER32(00000011), ref: 006C9D84
GetKeyState.USER32(00000011), ref: 006C9D96
GetAsyncKeyState.USER32(00000012), ref: 006C9DAE
GetKeyState.USER32(00000012), ref: 006C9DC0
GetAsyncKeyState.USER32(0000005B), ref: 006C9DD8
GetKeyState.USER32(0000005B), ref: 006C9DEA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 83f29291fb5b372c74af959a68cf7bd83c54e459cefbe90b3d3878b350dd80cb
Instruction ID: e92af7a4fdc9c76ed4d48a2557f89ad5cddee2435c62811f12f5b2a27e55f4bc
Opcode Fuzzy Hash: 83f29291fb5b372c74af959a68cf7bd83c54e459cefbe90b3d3878b350dd80cb
Instruction Fuzzy Hash: 3441B574504BC96DFF3096609408BF5BEA2EF21344F04905ED6C7667C2DBA4A9C8C7B2

Function 006E055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 006E05BC
inet_addr.WSOCK32(?), ref: 006E061C
gethostbyname.WSOCK32(?), ref: 006E0628
IcmpCreateFile.IPHLPAPI ref: 006E0636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006E06C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006E06E5
IcmpCloseHandle.IPHLPAPI(?), ref: 006E07B9
WSACleanup.WSOCK32 ref: 006E07BF

Strings

Ping, xrefs: 006E0676

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 8239ecf74f9e8a5b0eacca65106650795239799852da64434a5b0516360fb76a
Instruction ID: 8ae88029725d3e4362ac8b1909a6eab0f70eae875f929625d2d27c3e26dff03b
Opcode Fuzzy Hash: 8239ecf74f9e8a5b0eacca65106650795239799852da64434a5b0516360fb76a
Instruction Fuzzy Hash: E491AF356053419FE720DF16C588F5ABBE2AF44318F1485A9F4698B7A2C7B0EC85CF91

Function 006E8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 006E8CF3

Part of subcall function 006C8E54: _wcslen.LIBCMT ref: 006C8E77

_wcslen.LIBCMT ref: 006E8D4E
_wcslen.LIBCMT ref: 006E8D9C
_wcslen.LIBCMT ref: 006E8DDC
_wcslen.LIBCMT ref: 006E8E6E

Strings

stdcall, xrefs: 006E8DD6, 006E8DDB
winapi, xrefs: 006E8D96, 006E8D9B
none, xrefs: 006E8E65, 006E8E6A
cdecl, xrefs: 006E8D48, 006E8D4D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 8215839d4f950f4787036f821a8f0efc1942edcf73c6c7b842619cc911c3353c
Instruction ID: 717fe795f2c94538d06feafeedc05b55642363c0eed72dcf6be85956e9d7ab2a
Opcode Fuzzy Hash: 8215839d4f950f4787036f821a8f0efc1942edcf73c6c7b842619cc911c3353c
Instruction Fuzzy Hash: A8519E31A016569FCB24DF69C9409FEB7A7BF64320B204229E82AE73C4DB35DD41CB90

Function 006E372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 006E3774
CoUninitialize.OLE32 ref: 006E377F
CoCreateInstance.OLE32(?,00000000,00000017,006FFB78,?), ref: 006E37D9
IIDFromString.OLE32(?,?), ref: 006E384C
VariantInit.OLEAUT32(?), ref: 006E38E4
VariantClear.OLEAUT32(?), ref: 006E3936

Strings

NULL Pointer assignment, xrefs: 006E381E
Failed to create object, xrefs: 006E37E4, 006E389A
Invalid parameter, xrefs: 006E3865

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 2155c614360100e16357e2460ed56e565d879bf316ceb0c562f9612dfec24c36
Instruction ID: 91425c4aff19281584f19cadfd61f1127f8550b4f178163b9888a01a7e8f6abe
Opcode Fuzzy Hash: 2155c614360100e16357e2460ed56e565d879bf316ceb0c562f9612dfec24c36
Instruction Fuzzy Hash: 0461AC70609361AFD710DF55C948BAABBEAEF48714F00080DF8859B391D770EE49CB96

Function 006D3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 006D33CF

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 006D33F0

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 006D3504
^ ERROR , xrefs: 006D349E
Incorrect parameters to object property !, xrefs: 006D34AB
Error: , xrefs: 006D34D1
"%s" (%d) : ==> %s:, xrefs: 006D3522
Line %d (File "%s"):, xrefs: 006D3443, 006D345C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 0bf28401ebe7e12e4328b3bc2333d4d57d909326e6298c2fdc476ce2931790bf
Instruction ID: 6df5922c4e5c294da686dc17a01234d2ef27b1d9429a4f658c7e70ef5e39ea72
Opcode Fuzzy Hash: 0bf28401ebe7e12e4328b3bc2333d4d57d909326e6298c2fdc476ce2931790bf
Instruction Fuzzy Hash: 3351AF71C00219AADF54EBA0DE46EFEB77AEF14300F10406AF50572292EB352F58DB65

Function 006CB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 006CB5FC
_wcslen.LIBCMT ref: 006CB608
_wcslen.LIBCMT ref: 006CB64D
_wcslen.LIBCMT ref: 006CB68C
_wcslen.LIBCMT ref: 006CB6C7

Strings

KEYS, xrefs: 006CB647, 006CB64C
REMOVE, xrefs: 006CB602, 006CB607
EXISTS, xrefs: 006CB686, 006CB68B
APPEND, xrefs: 006CB6C1, 006CB6C6

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 8d593aad25d9ebc490cde3feb1b7f71f4534171d5b1f66102dda5a8b689c6325
Instruction ID: 52073db320d7a6d4d8c9b5afe0ad7b951482fef1b0e94f033b114b4486308c39
Opcode Fuzzy Hash: 8d593aad25d9ebc490cde3feb1b7f71f4534171d5b1f66102dda5a8b689c6325
Instruction Fuzzy Hash: 1D41B732A000279ACB206F7EC992AFE77A7EB61754F24522EE465D7384E735CD81C790

Function 006D5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 006D53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006D5416
GetLastError.KERNEL32 ref: 006D5420
SetErrorMode.KERNEL32(00000000,READY), ref: 006D54A7

Strings

READY, xrefs: 006D5460, 006D5468
READONLY, xrefs: 006D5452
UNKNOWN, xrefs: 006D5444
NOTREADY, xrefs: 006D544B
INVALID, xrefs: 006D5459

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 57a1473fda24c376947c5eaaa85754ddef2e9517facc74f09b878ab67600971b
Instruction ID: 9816f9221b3d0374778e4b79af37b091d799fbfa29913755a4a99c95f0b117d6
Opcode Fuzzy Hash: 57a1473fda24c376947c5eaaa85754ddef2e9517facc74f09b878ab67600971b
Instruction Fuzzy Hash: BE318F35E006089FCB10DF68C584AEA7BF6EF45305F14806AE406DB792DB71DD86CB92

Function 006F3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 006F3C79
SetMenu.USER32(?,00000000), ref: 006F3C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006F3D10
IsMenu.USER32(?), ref: 006F3D24
CreatePopupMenu.USER32 ref: 006F3D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006F3D5B
DrawMenuBar.USER32 ref: 006F3D63

Strings

F, xrefs: 006F3D4E
0, xrefs: 006F3C54

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: a3150b2d52612a2db0af009806d9d381405bbe9b5a5712b8ace6e240955518d7
Instruction ID: 2dd26358d7ff4d61e30d2ba29b47dbef1c9146cc67a58aef35fe49316e664525
Opcode Fuzzy Hash: a3150b2d52612a2db0af009806d9d381405bbe9b5a5712b8ace6e240955518d7
Instruction Fuzzy Hash: 6A416779A0121DEFDB14DFA4D994AEA7BB6FF49350F140028FA46A7360D730AA14CF94

Function 006C1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 006C1F64
GetDlgCtrlID.USER32 ref: 006C1F6F
GetParent.USER32 ref: 006C1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 006C1F8E
GetDlgCtrlID.USER32(?), ref: 006C1F97
GetParent.USER32(?), ref: 006C1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 006C1FAE

Strings

ComboBox, xrefs: 006C1EEC
ListBox, xrefs: 006C1F21

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 5fc97a6a83f4dad94be40b9144a533cdc19b13d53f38d6421b278d0cc285e9d7
Instruction ID: da3d7841dee86436ab925330ed92b79512ce6a2bd1f01cb1e85b876f261959ef
Opcode Fuzzy Hash: 5fc97a6a83f4dad94be40b9144a533cdc19b13d53f38d6421b278d0cc285e9d7
Instruction Fuzzy Hash: 2E21C270900218BBCF04AFA0DC85EFEBBBAEF16310B00411DF961A7295CB345918DB64

Function 006F3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 006F3A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 006F3AA0
GetWindowLongW.USER32(?,000000F0), ref: 006F3AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006F3AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 006F3B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 006F3BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 006F3BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 006F3BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 006F3BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 006F3C13

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: d7cb542c4ac59a4a6d88c5e744181885b001c72e6fd8f8c7e10630b8b806916e
Instruction ID: 0d736efbed88b01e24a9a75963f63c459ed10d61c76b075d8327c4c9ba557919
Opcode Fuzzy Hash: d7cb542c4ac59a4a6d88c5e744181885b001c72e6fd8f8c7e10630b8b806916e
Instruction Fuzzy Hash: 39618875A00258AFDB10DFA8CC81EFE77B9EB09310F104099FA05AB3A1C774AA42DB54

Function 006CB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 006CB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB165
GetWindowThreadProcessId.USER32(00000000), ref: 006CB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 006CB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,006CA1E1,?,00000001), ref: 006CB21D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 28997fc24d07660ee4243e580ca1174de06ab87e6056525edc005074e3dfd8d9
Instruction ID: 92106427006c11827fed3fd406181c5d83e8349408de8c9221f29f261ac324ae
Opcode Fuzzy Hash: 28997fc24d07660ee4243e580ca1174de06ab87e6056525edc005074e3dfd8d9
Instruction Fuzzy Hash: 8D318071500208AFEB249F24DD4AFBD7BABFB51322F14A019F901DA290D7B89E40CF65

Function 00692C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00692C94

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

_free.LIBCMT ref: 00692CA0
_free.LIBCMT ref: 00692CAB
_free.LIBCMT ref: 00692CB6
_free.LIBCMT ref: 00692CC1
_free.LIBCMT ref: 00692CCC
_free.LIBCMT ref: 00692CD7
_free.LIBCMT ref: 00692CE2
_free.LIBCMT ref: 00692CED
_free.LIBCMT ref: 00692CFB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ccf0c9b8a02112f9e884c3addd346ce9990ca063aa94deb564cdd004157a58ca
Instruction ID: 8909205e05ea2cc747729d3f77899a1a83c01f4a1e26fbf4df4e43270f128387
Opcode Fuzzy Hash: ccf0c9b8a02112f9e884c3addd346ce9990ca063aa94deb564cdd004157a58ca
Instruction Fuzzy Hash: DF11D776100109BFCF42EF55D852CDD3BAAFF05750F4144A8F9485FA22D631EE509B94

Function 00661410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00661459
OleUninitialize.OLE32(?,00000000), ref: 006614F8
UnregisterHotKey.USER32(?), ref: 006616DD
DestroyWindow.USER32(?), ref: 006A24B9
FreeLibrary.KERNEL32(?), ref: 006A251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 006A254B

Strings

close all, xrefs: 00661454

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: d44323e212913ed05922c9003cb567cc95a094f212dba20416eb9ce39e12861c
Instruction ID: adb5fd5f5edab60a22dbd3c3aa44bbe7ffd8857298ef00f3999067748d4002be
Opcode Fuzzy Hash: d44323e212913ed05922c9003cb567cc95a094f212dba20416eb9ce39e12861c
Instruction Fuzzy Hash: 5BD1A031B01212CFCB19EF19C5A5A69F7A6BF06710F18819DE84AAB351DB30ED12CF54

Function 006D7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 006D7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 006D7FC1
GetFileAttributesW.KERNEL32(?), ref: 006D7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 006D8005
SetCurrentDirectoryW.KERNEL32(?), ref: 006D8017
SetCurrentDirectoryW.KERNEL32(?), ref: 006D8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 006D80B0

Strings

*.*, xrefs: 006D8066

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: d3673a047580050302d93b55a7b431b804037558e026146afca77cbde8e08b88
Instruction ID: 823581ab07995327f40ed7a8705e4a2bdf50f37697e7df0246ed27e9090edb63
Opcode Fuzzy Hash: d3673a047580050302d93b55a7b431b804037558e026146afca77cbde8e08b88
Instruction Fuzzy Hash: 91818B729082459FCB20EF14C844ABAB3EAAF88314F14486FF885C7351EB34DD498B93

Function 00665BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00665C7A

Part of subcall function 00665D0A: GetClientRect.USER32(?,?), ref: 00665D30
Part of subcall function 00665D0A: GetWindowRect.USER32(?,?), ref: 00665D71
Part of subcall function 00665D0A: ScreenToClient.USER32(?,?), ref: 00665D99

GetDC.USER32 ref: 006A46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 006A4708
SelectObject.GDI32(00000000,00000000), ref: 006A4716
SelectObject.GDI32(00000000,00000000), ref: 006A472B
ReleaseDC.USER32(?,00000000), ref: 006A4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006A47C4

Strings

U, xrefs: 006A4693

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 6e016f9639a4aae1919c2878f160fa97db3c9998a4122a4278d18a6c6e7cbb11
Instruction ID: 6a08eea6c2ca597eda099a5e062e34296bece89a80b6a35e49a383adf22247eb
Opcode Fuzzy Hash: 6e016f9639a4aae1919c2878f160fa97db3c9998a4122a4278d18a6c6e7cbb11
Instruction Fuzzy Hash: A171BA30400249DFCF21AF64CD85AFA7BA3EF8A321F144269E9565A2A6CB71DC42DF50

Function 006D359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006D35E4

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

LoadStringW.USER32(00732390,?,00000FFF,?), ref: 006D360A

Strings

^ ERROR, xrefs: 006D36C9
"%s" (%d) : ==> %s:%s%s, xrefs: 006D3724
Error: , xrefs: 006D36EF
"%s" (%d) : ==> %s:, xrefs: 006D3742
Line %d (File "%s"):, xrefs: 006D366B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: cae8946746c1c4a6b78abcadf72cc8b631020aa48a9477f69d0aec627b7d297c
Instruction ID: 2649db11e68ffac7afc7ace632354c94f4112b9f25720e9af0c78d8d5d2e02ec
Opcode Fuzzy Hash: cae8946746c1c4a6b78abcadf72cc8b631020aa48a9477f69d0aec627b7d297c
Instruction Fuzzy Hash: 9B519071C00269BADF54EBA0DD42EEEBB7AEF14300F144129F505722A1DB305B99DFA9

Function 006DC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006DC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006DC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 006DC2CA
GetLastError.KERNEL32 ref: 006DC322
SetEvent.KERNEL32(?), ref: 006DC336
InternetCloseHandle.WININET(00000000), ref: 006DC341

Strings

, xrefs: 006DC2BB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 5f85184ca608e0cb337b91ef15fdb0be7d00ddc428185751ab19fc90c73dda8d
Instruction ID: 19e73a994796acb4d83ade7cf86cc0ec06a46e48751333bf463ac870bafa2bc3
Opcode Fuzzy Hash: 5f85184ca608e0cb337b91ef15fdb0be7d00ddc428185751ab19fc90c73dda8d
Instruction Fuzzy Hash: 98316BB1A0020DAFDB21AF658988ABB7BFEEB49764B10851EF44692300DB30DD05DB60

Function 006C989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,006A3AAF,?,?,Bad directive syntax error,006FCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006C98BC
LoadStringW.USER32(00000000,?,006A3AAF,?), ref: 006C98C3

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 006C9987

Strings

., xrefs: 006C996D
Error: , xrefs: 006C9955
Line %d:, xrefs: 006C9912
Line %d (File "%s"):, xrefs: 006C992D
%s (%d) : ==> %s.: %s %s, xrefs: 006C98F1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 545a84a296d9d3d91aa5c7cdb8ba616983345b0da4ae97f3adf4c5da0d39e8e2
Instruction ID: 748b18d023d5cf2bed858d9f20793168d8863242cfe31714912d61e13084f365
Opcode Fuzzy Hash: 545a84a296d9d3d91aa5c7cdb8ba616983345b0da4ae97f3adf4c5da0d39e8e2
Instruction Fuzzy Hash: 0C215C7180026AABCF15AF90CC0AEFE777AFF18700F04445EB515661A2EA359A18DB24

Function 006C209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 006C20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 006C20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006C214D

Strings

details, xrefs: 006C20FB
list, xrefs: 006C212F
smallicons, xrefs: 006C2115
SHELLDLL_DefView, xrefs: 006C20CC
largeicons, xrefs: 006C20E1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: b07288118be2a40f20bdab421dd1619ab8d3cadc3b6c1c45237d8dba66f39358
Instruction ID: 690da26c9a14e734825872f299121aa63727825af9ead09eab75598a6cd29903
Opcode Fuzzy Hash: b07288118be2a40f20bdab421dd1619ab8d3cadc3b6c1c45237d8dba66f39358
Instruction Fuzzy Hash: 5E110AB6688717B9F6053620EC16EF6379ECF05324B20012EFF04A55D5EE7558425A18

Function 0069CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0069CEB7
_free.LIBCMT ref: 0069CF22
_free.LIBCMT ref: 0069CF48
_free.LIBCMT ref: 0069CF71
_free.LIBCMT ref: 0069CFA9
_free.LIBCMT ref: 0069CFDA
_free.LIBCMT ref: 0069D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0069D09C
_free.LIBCMT ref: 0069D0B5

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: b5c4d6c54678d644d026fba34a29547c90771c4c7371af7d9cae1efd61bb2f9c
Instruction ID: e3e234f95c5719727c7f6f0c46181fcc762c40db957ec2387c9179e763f8b75d
Opcode Fuzzy Hash: b5c4d6c54678d644d026fba34a29547c90771c4c7371af7d9cae1efd61bb2f9c
Instruction Fuzzy Hash: CA6127B1A04301AFDF21AFB898A1AAA7BEFEF05370F04416DF94597B81D7359D018794

Function 006F50D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 006F5186
ShowWindow.USER32(?,00000000), ref: 006F51C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 006F51CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 006F51D1

Part of subcall function 006F6FBA: DeleteObject.GDI32(00000000), ref: 006F6FE6

GetWindowLongW.USER32(?,000000F0), ref: 006F520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 006F524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 006F5287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 006F5296

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: d4945f2a2ea49def95afec8a1a7beb009abcb2a886519236895546db84b38908
Instruction ID: b035be9b59031a78cc3f0b45f156c3bb5ddec9f3239c0417ceccc410a6e4c27a
Opcode Fuzzy Hash: d4945f2a2ea49def95afec8a1a7beb009abcb2a886519236895546db84b38908
Instruction Fuzzy Hash: FD517030A50A0CBEEF249F28CC46BF93B67AF05321F148215F716962E0C775AE91DB55

Function 00678B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 006B6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006B68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006B68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006B68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006B68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00678874,00000000,00000000,00000000,000000FF,00000000), ref: 006B6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 006B691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00678874,00000000,00000000,00000000,000000FF,00000000), ref: 006B692D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: a8526d5d35ff594ffc04a1e61d037680e094c88b39d55ac2b20d973e914e4b37
Instruction ID: 497d00025ddc89b52819875d55f57fa703b20f747c87043bc4b3c49cfa1e3929
Opcode Fuzzy Hash: a8526d5d35ff594ffc04a1e61d037680e094c88b39d55ac2b20d973e914e4b37
Instruction Fuzzy Hash: 2A518BB0600209EFDB20DF25CC55FAA7BB6FB58760F108528F90A972A0DB74ED91DB50

Function 006DC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006DC182
GetLastError.KERNEL32 ref: 006DC195
SetEvent.KERNEL32(?), ref: 006DC1A9

Part of subcall function 006DC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006DC272
Part of subcall function 006DC253: GetLastError.KERNEL32 ref: 006DC322
Part of subcall function 006DC253: SetEvent.KERNEL32(?), ref: 006DC336
Part of subcall function 006DC253: InternetCloseHandle.WININET(00000000), ref: 006DC341

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 2312fb8998ac205ab5e82fa1356c8aaf12eb04599deaf2c31b6ad4cce9302224
Instruction ID: f257e380e821aaa76dd56b74d05db28080e1c6cde707c53971f68f028aaa667e
Opcode Fuzzy Hash: 2312fb8998ac205ab5e82fa1356c8aaf12eb04599deaf2c31b6ad4cce9302224
Instruction Fuzzy Hash: AB318D71A0060AAFDB219FA5DD44AB6BBFBFF58320B10441EF95682710D731EA15DBA0

Function 006C25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 006C25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006C25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006C25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 006C25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 006C2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 006C2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 006C260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 006C2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 006C2627

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: fa53987b71b23c76ebcaff2cdb4dbf3d9ddd7b3b637a3a16a28c968c3b5a9dce
Instruction ID: 3c219b6a628840ad1bcd82059d6e089f035be7698b4c9a43f4041662418d57ac
Opcode Fuzzy Hash: fa53987b71b23c76ebcaff2cdb4dbf3d9ddd7b3b637a3a16a28c968c3b5a9dce
Instruction Fuzzy Hash: 8801D430394224BBFB106769DC8AF6A3F5ADF4EB22F101009F318AF1D1C9F26454DA69

Function 006C1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,006C1449,?,?,00000000), ref: 006C180C
HeapAlloc.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006C1449,?,?,00000000), ref: 006C1828
GetCurrentProcess.KERNEL32(?,00000000,?,006C1449,?,?,00000000), ref: 006C1830
DuplicateHandle.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006C1449,?,?,00000000), ref: 006C1843
GetCurrentProcess.KERNEL32(006C1449,00000000,?,006C1449,?,?,00000000), ref: 006C184B
DuplicateHandle.KERNEL32(00000000,?,006C1449,?,?,00000000), ref: 006C184E
CreateThread.KERNEL32(00000000,00000000,006C1874,00000000,00000000,00000000), ref: 006C1868

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: d5edad169dd28f9a56760f240e1a1d4b06fef3004323df99eeecdd5e1332c437
Instruction ID: f27559974c492abcc3df17271b41b80274e7f226f8ee6e365f5be5f000833cae
Opcode Fuzzy Hash: d5edad169dd28f9a56760f240e1a1d4b06fef3004323df99eeecdd5e1332c437
Instruction Fuzzy Hash: F801BBB5240708BFE710EBA5DD4DF6B3BADEB8AB11F015411FA05DB1A2CA709810DB60

Function 00693E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00693F0B
__alldvrm.LIBCMT ref: 0069410C
__alldvrm.LIBCMT ref: 0069412E

Strings

}}h, xrefs: 00693E96, 00693EF1, 00693F0A, 00694090
}}h, xrefs: 006940CD
}}h, xrefs: 00693E8A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID: }}h$}}h$}}h
API String ID: 1036877536-4274082275
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 833dc23df4e8a1c6d9c27fa54bdd10ba8c6cc603610dca333f124e6ca28b4b77
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: D3A13676D002969FDF21DF18C891BBEBBEAEF62350F14426DE5859B781CA348D82C750

Function 006EA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 006CD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 006CD501
Part of subcall function 006CD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 006CD50F
Part of subcall function 006CD4DC: CloseHandle.KERNEL32(00000000), ref: 006CD5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 006EA16D
GetLastError.KERNEL32 ref: 006EA180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 006EA1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 006EA268
GetLastError.KERNEL32(00000000), ref: 006EA273
CloseHandle.KERNEL32(00000000), ref: 006EA2C4

Strings

SeDebugPrivilege, xrefs: 006EA18F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: f301e86fb30704f0847496712c3df8607ca7cd97329c762fa90a45b9385f34ca
Instruction ID: c1dd04b18d24010d77c68ea831ff1f2b67fb8e4f3ab85b96867ab2638f328242
Opcode Fuzzy Hash: f301e86fb30704f0847496712c3df8607ca7cd97329c762fa90a45b9385f34ca
Instruction Fuzzy Hash: 81619A302053829FD720DF59C494F66BBE2AF44318F18849CE5669BBA3C772ED45CB92

Function 006F3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 006F3925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 006F393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 006F3954
_wcslen.LIBCMT ref: 006F3999
SendMessageW.USER32(?,00001057,00000000,?), ref: 006F39C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 006F39F4

Strings

SysListView32, xrefs: 006F38F7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: b6ea3aa8681974a4231117aae635d4c0a9e05d00cc16beb8724304dd6474b355
Instruction ID: 551b89725854b5e0349a468cf6efd33dbcbc56c40363dad893fff533f0f11fd9
Opcode Fuzzy Hash: b6ea3aa8681974a4231117aae635d4c0a9e05d00cc16beb8724304dd6474b355
Instruction Fuzzy Hash: E3417571A0021DABEF219F64CC45BFA77AAEF08350F10052AFA58E7391D7B59D84CB94

Function 006CBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006CBCFD
IsMenu.USER32(00000000), ref: 006CBD1D
CreatePopupMenu.USER32 ref: 006CBD53
GetMenuItemCount.USER32(00CD5490), ref: 006CBDA4
InsertMenuItemW.USER32(00CD5490,?,00000001,00000030), ref: 006CBDCC

Strings

2, xrefs: 006CBD37
0, xrefs: 006CBCA8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 05e102344d809c2eab9ce2ec72a8865637973f4f494f31337530ce366b12dc07
Instruction ID: a1976e2b2493195cfe7e0002b019dfdf37e33aaa19a7bfce74d8f02921d2ec5c
Opcode Fuzzy Hash: 05e102344d809c2eab9ce2ec72a8865637973f4f494f31337530ce366b12dc07
Instruction Fuzzy Hash: 94519D70A002099BDB10DFA8D986FFEBBFAEF45324F14615DE40297390D771A945CB61

Function 00682D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00682D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00682D53
_ValidateLocalCookies.LIBCMT ref: 00682DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00682E0C
_ValidateLocalCookies.LIBCMT ref: 00682E61

Strings

&Hh, xrefs: 00682DFE, 00682E07, 00682E18
csm, xrefs: 00682DF6

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: &Hh$csm
API String ID: 1170836740-1897021073
Opcode ID: 31356c900086e747371a913e9685538b0801080b061e96ab4becb0cb2a4bb729
Instruction ID: 9e791b956beaa4d9d62fd1c00ed71e94448cb815ad39628bf75953253bf6879f
Opcode Fuzzy Hash: 31356c900086e747371a913e9685538b0801080b061e96ab4becb0cb2a4bb729
Instruction Fuzzy Hash: 5041C474A0021AEBCF10EF68C865ADEBFB6BF44324F148259E8146B392D7759A01CBD4

Function 006CC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 006CC913

Strings

stop, xrefs: 006CC8E4
blank, xrefs: 006CC895
question, xrefs: 006CC8CC
warning, xrefs: 006CC8FC
info, xrefs: 006CC8B4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 632556bccaa16fe0454dd97f832f1047f85b7d5ace7906f43d57425820863d88
Instruction ID: cd94c8fbf5d1c52b0365ec11ff00df27413f49d4bba65c6de6f8e0a7eece3f19
Opcode Fuzzy Hash: 632556bccaa16fe0454dd97f832f1047f85b7d5ace7906f43d57425820863d88
Instruction Fuzzy Hash: 35110D31689317BAE705AB55AC83EFB67ADDF15374B10002FF508A6382EB74DE015369

Function 006CDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 006CDE42
gethostname.WSOCK32(?,00000100), ref: 006CDE5C
gethostbyname.WSOCK32(?), ref: 006CDE69
inet_ntoa.WSOCK32(?), ref: 006CDEAB
_strcat.LIBCMT ref: 006CDEB9
WSACleanup.WSOCK32 ref: 006CDEDE

Strings

0.0.0.0, xrefs: 006CDE87

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 90650b52b20c7fd8252269c611d34a616cac0d58482ca8da4640a2865b9f3cfa
Instruction ID: 5e40a65e251af8d015802952f246877d6c126af16d8bdaa06e3358638d2f95e7
Opcode Fuzzy Hash: 90650b52b20c7fd8252269c611d34a616cac0d58482ca8da4640a2865b9f3cfa
Instruction Fuzzy Hash: 15110671904119AFCB60BB24DD0AEFE77AEDF18720F01017EF50996191EF718A81CBA0

Function 006CED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 006CED2A
_wcslen.LIBCMT ref: 006CED3B
_wcslen.LIBCMT ref: 006CED79
_wcslen.LIBCMT ref: 006CEDAF
_wcslen.LIBCMT ref: 006CEDDF
_wcslen.LIBCMT ref: 006CEDEF
_wcslen.LIBCMT ref: 006CEE2B
_wcslen.LIBCMT ref: 006CEE5A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: ec285c01fccbb0826c9cd3f14f8730bde986a7109c942fdb34ef274de0520b76
Instruction ID: e75eb91c842147436ec92bc1c083ffd03de33283b9617d31e77db8fa0bafa35f
Opcode Fuzzy Hash: ec285c01fccbb0826c9cd3f14f8730bde986a7109c942fdb34ef274de0520b76
Instruction Fuzzy Hash: 46419565C1011865CB51FBB4C88AADFB7BAEF45310F50456AF618E3162EB34E345C3E9

Function 0067F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 0067F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006BF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006BF454

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: b88375b10a1bb50f9fa734895227a03046c01e200070be4ee7713c82561f75fb
Instruction ID: 355691ca3010e71994e3a4034c400f52f5d87dcb2aa87558dd9cf6e5692ddbec
Opcode Fuzzy Hash: b88375b10a1bb50f9fa734895227a03046c01e200070be4ee7713c82561f75fb
Instruction Fuzzy Hash: F4411831208680BEC7349B2D8D88FFA7BD3AB46320F14C43CE25F56671E631A881CB51

Function 006F2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 006F2D1B
GetDC.USER32(00000000), ref: 006F2D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 006F2D2E
ReleaseDC.USER32(00000000,00000000), ref: 006F2D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 006F2D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 006F2D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,006F5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 006F2DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 006F2DE1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 05a21cd5daa319d9de942d772524d22d3f1afd41b20bc83968b10db9cf2e1cc7
Instruction ID: 4f638dc0f3932a4d239a9e0e7d4eca01a83a8d99217d28256e06ebe42dc99e64
Opcode Fuzzy Hash: 05a21cd5daa319d9de942d772524d22d3f1afd41b20bc83968b10db9cf2e1cc7
Instruction Fuzzy Hash: C0316972201618BBEB218F50CD8AFFB3BAAEF09725F044055FE08DA291C6759C51CBA4

Function 006C5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 006C5637
_memcmp.LIBVCRUNTIME ref: 006C5659
_memcmp.LIBVCRUNTIME ref: 006C5671
_memcmp.LIBVCRUNTIME ref: 006C5684
_memcmp.LIBVCRUNTIME ref: 006C569E
_memcmp.LIBVCRUNTIME ref: 006C56B1
_memcmp.LIBVCRUNTIME ref: 006C56C9
_memcmp.LIBVCRUNTIME ref: 006C56E4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: ac48ba01043ad47b2471e4d0155d7050bc803a4aa576bcde25ac5f8b5826e5c8
Instruction ID: a7a94745c40cedbf930964ce2ee835e79dbeeba59bf17e8032c5d6d588a0b525
Opcode Fuzzy Hash: ac48ba01043ad47b2471e4d0155d7050bc803a4aa576bcde25ac5f8b5826e5c8
Instruction Fuzzy Hash: 5321CC61640A1977D61467128DA2FFB335FEF12384F54002DFE069E651FB21FD9282AD

Function 006E4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 006E5007
NULL Pointer assignment, xrefs: 006E502E, 006E5383

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 67f91b12ad4f63e811d1de4c00857a801d6eef36cc8765061d81f74f8589f43c
Instruction ID: fe92c39e6f846ab8ae49ba3d192919016b5be68887602b918952c315f2689e9d
Opcode Fuzzy Hash: 67f91b12ad4f63e811d1de4c00857a801d6eef36cc8765061d81f74f8589f43c
Instruction Fuzzy Hash: 07D1AF71A0174A9FDB10CFA9C880BEEB7B6BF48358F148069E916AB281E771DD45CB50

Function 006A1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 006A15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 006A16FB

Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A1777
__freea.LIBCMT ref: 006A17A2
__freea.LIBCMT ref: 006A17AE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 17c8fdb3704190c07ea369abbd56862107f19613c9c6a0609c4e58de2f6f3dcf
Instruction ID: 434d656577604623b82c8fcb18277727e21861ab6dc8b80032ac731d8827b1df
Opcode Fuzzy Hash: 17c8fdb3704190c07ea369abbd56862107f19613c9c6a0609c4e58de2f6f3dcf
Instruction Fuzzy Hash: 0A91A2B1E042169ADF24AE64C991EEE7BB79F4B310F185659E802EF281E735DC41CF60

Function 006E4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 006E4648
VariantInit.OLEAUT32(?), ref: 006E4749
VariantClear.OLEAUT32(?), ref: 006E4753
VariantClear.OLEAUT32(?), ref: 006E47B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 006E472C
Null Object assignment in FOR..IN loop, xrefs: 006E45D8, 006E4706, 006E47BE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 145580d41f314d6116296b9ffb6a8bc325d0afa48adb7c8df61277b60fac0c49
Instruction ID: ccb8df431c1355b66070f2bba5935680812124395fd639f5dabf4deab2f611ac
Opcode Fuzzy Hash: 145580d41f314d6116296b9ffb6a8bc325d0afa48adb7c8df61277b60fac0c49
Instruction Fuzzy Hash: AE91A471A01359ABDF24CFA6C844FEEB7BAEF86710F108559F505AB280DB709945CFA0

Function 006D1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 006D125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 006D1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 006D12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 006D1430

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 3b384d3adff0d376c1094a9c0f04475b1c465be563c9282e0a5b5f97373995f4
Instruction ID: b3b70cb5747a033163adbef441ac8050f7ffa1b55e97bc4d2ce3300b2c291fa4
Opcode Fuzzy Hash: 3b384d3adff0d376c1094a9c0f04475b1c465be563c9282e0a5b5f97373995f4
Instruction Fuzzy Hash: 7991C171E00209AFDB10DF98C885BBEB7B6FF46325F14442AE900EB391D7B5A941CB94

Function 0067948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 31c2fdfe4fd4b0b1112c23957c156468ec02630692950dffee0b2bb548b283b7
Instruction ID: c57304638f1a19228e0edb757e5b2ced686dcab1e719ea050853b2fefa3ea1c1
Opcode Fuzzy Hash: 31c2fdfe4fd4b0b1112c23957c156468ec02630692950dffee0b2bb548b283b7
Instruction Fuzzy Hash: 92912571D00219EFDB10CFA9C884AEEBBFAFF89320F148159E515B7251D775AA42CB60

Function 006E3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 006E396B
CharUpperBuffW.USER32(?,?), ref: 006E3A7A
_wcslen.LIBCMT ref: 006E3A8A
VariantClear.OLEAUT32(?), ref: 006E3C1F

Part of subcall function 006D0CDF: VariantInit.OLEAUT32(00000000), ref: 006D0D1F
Part of subcall function 006D0CDF: VariantCopy.OLEAUT32(?,?), ref: 006D0D28
Part of subcall function 006D0CDF: VariantClear.OLEAUT32(?), ref: 006D0D34

Strings

Incorrect Parameter format, xrefs: 006E39A6, 006E3BA1
AUTOIT.ERROR, xrefs: 006E3A80, 006E3A85

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: e36d44175b4240176506fab2048b5d1ab5b2e0ab6f0693aa842c3dc22cad0f9b
Instruction ID: c6a48a995d7f7ae0ef368be33fa469ba577c76763b0b40b72d5872a01761896e
Opcode Fuzzy Hash: e36d44175b4240176506fab2048b5d1ab5b2e0ab6f0693aa842c3dc22cad0f9b
Instruction Fuzzy Hash: B79188746083459FC704DF29C48496AB7E6FF88314F14886EF88A9B351DB31EE46CB96

Function 006E4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 006C000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?,?,006C035E), ref: 006C002B
Part of subcall function 006C000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0046
Part of subcall function 006C000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0054
Part of subcall function 006C000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?), ref: 006C0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 006E4C51
_wcslen.LIBCMT ref: 006E4D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 006E4DCF
CoTaskMemFree.OLE32(?), ref: 006E4DDA

Strings

NULL Pointer assignment, xrefs: 006E4E23, 006E4E52

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 4ac85e538890b8259ab9d4b802b50b5a83eef4e5e6d493f354783085ba57224b
Instruction ID: 8b8ebcb234e2302aa0b183632c26ce3467b907fa2bcb9692b370fbb1fef0b343
Opcode Fuzzy Hash: 4ac85e538890b8259ab9d4b802b50b5a83eef4e5e6d493f354783085ba57224b
Instruction Fuzzy Hash: 05912671D0125DAFDF14DFA5C891AEEB7BABF08310F10856AE915B7241DB309A45CFA0

Function 006F20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 006F2183
GetMenuItemCount.USER32(00000000), ref: 006F21B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 006F21DD
_wcslen.LIBCMT ref: 006F2213
GetMenuItemID.USER32(?,?), ref: 006F224D
GetSubMenu.USER32(?,?), ref: 006F225B

Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 006F22E3

Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 7b0db4644b4695ff9f871b61bc3eefaec061ee1cccd8e6dc576c8f94c9b8a138
Instruction ID: dab24a56a1f2ba06bb1f063b816c711747648d60bb809dacb6b363f1115e414c
Opcode Fuzzy Hash: 7b0db4644b4695ff9f871b61bc3eefaec061ee1cccd8e6dc576c8f94c9b8a138
Instruction Fuzzy Hash: 56716275A00209AFCB50DFA4C851ABEB7F2EF48320F148459EA16AB341D734EE418F94

Function 006F7E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00CD56C0), ref: 006F7F37
IsWindowEnabled.USER32(00CD56C0), ref: 006F7F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 006F801E
SendMessageW.USER32(00CD56C0,000000B0,?,?), ref: 006F8051
IsDlgButtonChecked.USER32(?,?), ref: 006F8089
GetWindowLongW.USER32(00CD56C0,000000EC), ref: 006F80AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 006F80C3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 5f3090c9e95b2e5758e9af3f90b18e53c2576920fb1dd4683ad730cf38981d04
Instruction ID: 4cb93ab4347865ff662cd7e16d3bd9e76a06f2dc688aaf666a0e0733aa53a19a
Opcode Fuzzy Hash: 5f3090c9e95b2e5758e9af3f90b18e53c2576920fb1dd4683ad730cf38981d04
Instruction Fuzzy Hash: DB718C7460924DAFEB219F64CC94FFABBBBEF09310F144499EA4597361CB31A845DB20

Function 006CAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 006CAEF9
GetKeyboardState.USER32(?), ref: 006CAF0E
SetKeyboardState.USER32(?), ref: 006CAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 006CAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 006CAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 006CAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 006CB020

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 67c32c8bf5bf89f187b2332f2d3768bc9612063f11cd25bb53d92d4f29ea90c9
Instruction ID: 69e4193eb5fce6d9765d64a5e35b6648cd5841d83e7b1e8f48f59e61a7137e32
Opcode Fuzzy Hash: 67c32c8bf5bf89f187b2332f2d3768bc9612063f11cd25bb53d92d4f29ea90c9
Instruction Fuzzy Hash: 5551C4A06147D93DFB3642748C4AFFA7EAA9B06308F08958DE1E5855C3C3A8ADC4D752

Function 006CACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 006CAD19
GetKeyboardState.USER32(?), ref: 006CAD2E
SetKeyboardState.USER32(?), ref: 006CAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 006CADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 006CADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 006CAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 006CAE38

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: ec7592b04a4ce62fd1b3798484c67f07d08751b38fac00c93661e1cc800e2435
Instruction ID: 5399ff8a39eac45da00a83b58bb63c73f5d5c178384691693d5badd689d7d7c5
Opcode Fuzzy Hash: ec7592b04a4ce62fd1b3798484c67f07d08751b38fac00c93661e1cc800e2435
Instruction Fuzzy Hash: 7151D5B15047D93DFB3243B48C55FBA7EAA9F45308F08858DE1D6869C3C294EC84E792

Function 0069542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(006A3CD6,?,?,?,?,?,?,?,?,00695BA3,?,?,006A3CD6,?,?), ref: 00695470
__fassign.LIBCMT ref: 006954EB
__fassign.LIBCMT ref: 00695506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,006A3CD6,00000005,00000000,00000000), ref: 0069552C
WriteFile.KERNEL32(?,006A3CD6,00000000,00695BA3,00000000,?,?,?,?,?,?,?,?,?,00695BA3,?), ref: 0069554B
WriteFile.KERNEL32(?,?,00000001,00695BA3,00000000,?,?,?,?,?,?,?,?,?,00695BA3,?), ref: 00695584

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: f7ff12cdb2f75768311ddb124b563bb28963ed008feb2b6b375b068bd933e110
Instruction ID: aa73cb286919b6526da3ef612085a7c5e2d9378cad156822c1acfdfc2de6167b
Opcode Fuzzy Hash: f7ff12cdb2f75768311ddb124b563bb28963ed008feb2b6b375b068bd933e110
Instruction Fuzzy Hash: D651E471A006099FDF11CFA8D841AEEBBFAEF09300F15415AF556E7392E7309A41CB60

Function 006E10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006E304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
Part of subcall function 006E304E: _wcslen.LIBCMT ref: 006E309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 006E1112
WSAGetLastError.WSOCK32 ref: 006E1121
WSAGetLastError.WSOCK32 ref: 006E11C9
closesocket.WSOCK32(00000000), ref: 006E11F9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 97f82db935f453ec294fa4688ac252dd07042ed4110147323a028a9c5e17dc13
Instruction ID: e6bcc381fc278f422e632abd41613758b08712df9646d7b4b1a8f17d4a5df007
Opcode Fuzzy Hash: 97f82db935f453ec294fa4688ac252dd07042ed4110147323a028a9c5e17dc13
Instruction Fuzzy Hash: 8541F231600648AFDB109F55C884BEABBEBEF86364F148059F9169F391C770AD41CBA0

Function 006CCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006CCF22,?), ref: 006CDDFD

Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006CCF22,?), ref: 006CDE16

lstrcmpiW.KERNEL32(?,?), ref: 006CCF45
MoveFileW.KERNEL32(?,?), ref: 006CCF7F
_wcslen.LIBCMT ref: 006CD005
_wcslen.LIBCMT ref: 006CD01B
SHFileOperationW.SHELL32(?), ref: 006CD061

Strings

\*.*, xrefs: 006CCFF3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: a272fc53684079a7b24940a048b8ebd41bf1b5482b48d840ca16623e370ced46
Instruction ID: 9a269e891c4c017852f52ec053008a26c2065794b37cba5aa41fcba7db1decc2
Opcode Fuzzy Hash: a272fc53684079a7b24940a048b8ebd41bf1b5482b48d840ca16623e370ced46
Instruction Fuzzy Hash: 2F4144719052185EDF52EBA4C981FEDB7BAEF48390F0000EEE509EB141EA34A689CB54

Function 006F2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 006F2E1C
GetWindowLongW.USER32(?,000000F0), ref: 006F2E4F
GetWindowLongW.USER32(?,000000F0), ref: 006F2E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 006F2EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 006F2EE0
GetWindowLongW.USER32(?,000000F0), ref: 006F2EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F2F0B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 02c95efeea3832b7115fce29850a7b29be230bac4e894b2621c6629483875ff4
Instruction ID: 6899685919fc1254b21ee46ebb6bb0fc0b995a3aad08d3a6ac10626f803b1155
Opcode Fuzzy Hash: 02c95efeea3832b7115fce29850a7b29be230bac4e894b2621c6629483875ff4
Instruction Fuzzy Hash: FA31143064514A9FEB208F18DD94FA537E2EB4A721F2551A4FA00CF2B1CB71A841DF00

Function 006C7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C778F
SysAllocString.OLEAUT32(00000000), ref: 006C7792
SysAllocString.OLEAUT32(?), ref: 006C77B0
SysFreeString.OLEAUT32(?), ref: 006C77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 006C77DE
SysAllocString.OLEAUT32(?), ref: 006C77EC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 36353b487a4daf13a8ef26829ce787d1f8fd78162304829f850da21d295e5f18
Instruction ID: be9128414d00542e35a7c09dd0c8a6ef1ec69cf513e0b8b076f412f7ed2b74e0
Opcode Fuzzy Hash: 36353b487a4daf13a8ef26829ce787d1f8fd78162304829f850da21d295e5f18
Instruction Fuzzy Hash: 67217F7660821DAFDB10DFA8CD88DFA77AEEB097647048029F915DB250D670DC45CB74

Function 006C77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006C7868
SysAllocString.OLEAUT32(00000000), ref: 006C786B
SysAllocString.OLEAUT32 ref: 006C788C
SysFreeString.OLEAUT32 ref: 006C7895
StringFromGUID2.OLE32(?,?,00000028), ref: 006C78AF
SysAllocString.OLEAUT32(?), ref: 006C78BD

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 8c8d74bac0aa0f50f46d5181db4109fc25061a4e688278df9d322173f6d2bfd1
Instruction ID: 3097635766aa4a22125cba35daf52090621c383b90ca411d914c1b75ed529e83
Opcode Fuzzy Hash: 8c8d74bac0aa0f50f46d5181db4109fc25061a4e688278df9d322173f6d2bfd1
Instruction Fuzzy Hash: DC214435609108BFDB10AFA8DC8DEBA77EDEB097607108139FA15CB2A1D674DC41CB64

Function 006D04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 006D04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006D052E

Strings

nul, xrefs: 006D0567

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 1a8ef03600fb674e615dbdd2b070c729a13b087ecf024c87b83a82c24b661d93
Instruction ID: 0e7523305236aadc39cf5c415b63250afec6e4da8334dc141dd027a297647c6d
Opcode Fuzzy Hash: 1a8ef03600fb674e615dbdd2b070c729a13b087ecf024c87b83a82c24b661d93
Instruction Fuzzy Hash: B8215EB5D00305EBEB209F29E945BAA77A6AF45724F204A1AECA1D73E0D7709950DF20

Function 006D05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 006D05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006D0601

Strings

nul, xrefs: 006D0639

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: dc9cf1f2fb9a91a4e8052e1e70b8e0479025832946aceadcb1f767a8cc8fc784
Instruction ID: e0daaf98d8dcea1e74551a2b8f3bb57480ab83f439a5525f9f4c7713e33a67c3
Opcode Fuzzy Hash: dc9cf1f2fb9a91a4e8052e1e70b8e0479025832946aceadcb1f767a8cc8fc784
Instruction Fuzzy Hash: A8215175D003459BEB209F799C04BAA77E6AF95730F200A1AF8A1E73E0D770D961CB60

Function 006F40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0066600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
Part of subcall function 0066600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 006F4112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 006F411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 006F412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 006F4139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 006F4145

Strings

Msctls_Progress32, xrefs: 006F40E3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 3ea986d15074d497c73f7dd02bc740610289dd7027e094c2be9a459f6a1018bc
Instruction ID: f64e1d339063a1ed5c7862adbf7bfa9553e062a6b9c53ce4c3bae21f7bd66afe
Opcode Fuzzy Hash: 3ea986d15074d497c73f7dd02bc740610289dd7027e094c2be9a459f6a1018bc
Instruction Fuzzy Hash: F8118EB214021DBEEB118F64CC85EF77F5EEF087A8F014110BB18A2150CA769C21DBA4

Function 0069D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0069D7A3: _free.LIBCMT ref: 0069D7CC

_free.LIBCMT ref: 0069D82D

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

_free.LIBCMT ref: 0069D838
_free.LIBCMT ref: 0069D843
_free.LIBCMT ref: 0069D897
_free.LIBCMT ref: 0069D8A2
_free.LIBCMT ref: 0069D8AD
_free.LIBCMT ref: 0069D8B8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 38e6aeca5e90b299740c396fd98ae14dbd70162d9a4ed0e801b8991c3c7ee200
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 26112C71540B04BADEA1BFF1CC46FCB7B9E6F00710F400829B29DAA892DA65E50546A4

Function 006CDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 006CDA74
LoadStringW.USER32(00000000), ref: 006CDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 006CDA91
LoadStringW.USER32(00000000), ref: 006CDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 006CDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 006CDAB9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 01a3874f40131da39004cf098e179594408ff0137998d2dd54914f60d5c89eda
Instruction ID: 0693f500187e543cba09dc30c665d8d735854479d2383d02d4debc645ba78e8e
Opcode Fuzzy Hash: 01a3874f40131da39004cf098e179594408ff0137998d2dd54914f60d5c89eda
Instruction Fuzzy Hash: 01016DF290020C7FE710EBA4DE89EFB766DEB08711F4014A6B746E2141EA749E848F74

Function 006D096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00CCE290,00CCE290), ref: 006D097B
EnterCriticalSection.KERNEL32(00CCE270,00000000), ref: 006D098D
TerminateThread.KERNEL32(?,000001F6), ref: 006D099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 006D09A9
CloseHandle.KERNEL32(?), ref: 006D09B8
InterlockedExchange.KERNEL32(00CCE290,000001F6), ref: 006D09C8
LeaveCriticalSection.KERNEL32(00CCE270), ref: 006D09CF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: b4a20f85196b5396646d89d3ab5bb3edfd67e7ceeec8b2395dab692d5045d360
Instruction ID: 3f4559a409eae0d7313da7c52f31876293d323a76c30b5899d93f9e7d45ce927
Opcode Fuzzy Hash: b4a20f85196b5396646d89d3ab5bb3edfd67e7ceeec8b2395dab692d5045d360
Instruction Fuzzy Hash: 6AF01D32442906ABE7415B94EF88BE67A26FF01712F403016F101948A0C7749565DF90

Function 00665D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00665D30
GetWindowRect.USER32(?,?), ref: 00665D71
ScreenToClient.USER32(?,?), ref: 00665D99
GetClientRect.USER32(?,?), ref: 00665ED7
GetWindowRect.USER32(?,?), ref: 00665EF8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 496b2cde17c0c7f3df03b7b245fb5e0357ede3ccf146d5cc59d14a7d81432dba
Instruction ID: 196b818b0f2a3d9f8609133c765990b2a74792a28ac268825a65b1868bcd6563
Opcode Fuzzy Hash: 496b2cde17c0c7f3df03b7b245fb5e0357ede3ccf146d5cc59d14a7d81432dba
Instruction Fuzzy Hash: BDB16934A0064ADBDB10DFA9C8817EAB7F2FF48310F14941AE8AAD7250DB34EA51DB54

Function 006901B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 006900BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006900D6
__allrem.LIBCMT ref: 006900ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0069010B
__allrem.LIBCMT ref: 00690122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00690140

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 4cec039e8a5bf9371cba133158c50ab1b308ef67e9781231409a79b84d06a2a6
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 2B81E576A007069FEB24AF68CC41BAA73EFAF45724F24463EF551DAB81E770D9008B54

Function 006E1D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006E3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,006E101C,00000000,?,?,00000000), ref: 006E3195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 006E1DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 006E1DE1
WSAGetLastError.WSOCK32 ref: 006E1DF2
inet_ntoa.WSOCK32(?), ref: 006E1E8C
htons.WSOCK32(?,?,?,?,?), ref: 006E1EDB
_strlen.LIBCMT ref: 006E1F35

Part of subcall function 006C39E8: _strlen.LIBCMT ref: 006C39F2

Part of subcall function 00666D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0067CF58,?,?,?), ref: 00666DBA
Part of subcall function 00666D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0067CF58,?,?,?), ref: 00666DED

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: e92dd56b2ea193334bbd63250abbf125e69bda270788440c281952cf9cb21d1f
Instruction ID: f164f94bc43cc778898a8f7ad17343b53027a9b67efcddf289a3582406e238d5
Opcode Fuzzy Hash: e92dd56b2ea193334bbd63250abbf125e69bda270788440c281952cf9cb21d1f
Instruction Fuzzy Hash: 88A1BE31204380AFD324DF25C895F6A7BE6AF85318F54894CF45A9F2A2DB31ED46CB91

Function 006961FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006882D9,006882D9,?,?,?,0069644F,00000001,00000001,8BE85006), ref: 00696258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0069644F,00000001,00000001,8BE85006,?,?,?), ref: 006962DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006963D8
__freea.LIBCMT ref: 006963E5

Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852

__freea.LIBCMT ref: 006963EE
__freea.LIBCMT ref: 00696413

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 3dde58ae1fa36852009d429fc5e97124bcb2e3ad697ef6c298ebe70a4a8659c4
Instruction ID: 8f821aa4417562340e03f2272ee240ea91962518be52e3ce88d7ec10f178f52a
Opcode Fuzzy Hash: 3dde58ae1fa36852009d429fc5e97124bcb2e3ad697ef6c298ebe70a4a8659c4
Instruction Fuzzy Hash: 0751CE72A00316ABEF268F64CD81EBF77AFEB44750F154629F805D6680EB34DD51C6A0

Function 006EBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EBCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EBD25
RegCloseKey.ADVAPI32(00000000), ref: 006EBD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 006EBD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 006EBDF3
RegCloseKey.ADVAPI32(?), ref: 006EBDFF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 8ac57ee29c1cd0fac0ad5aa662dfc85b4bf2f04f3082fe885668214e9923b33e
Instruction ID: 8b36c42c940c659a7e395425e1e1a4dde79633ecc6a10fdf91bb8d182ffcbc96
Opcode Fuzzy Hash: 8ac57ee29c1cd0fac0ad5aa662dfc85b4bf2f04f3082fe885668214e9923b33e
Instruction Fuzzy Hash: 12818C30109381AFD714DF25C895E6ABBE6FF84308F14995CF4598B2A2DB31ED45CB92

Function 006BF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 006BF7B9
SysAllocString.OLEAUT32(00000001), ref: 006BF860
VariantCopy.OLEAUT32(006BFA64,00000000), ref: 006BF889
VariantClear.OLEAUT32(006BFA64), ref: 006BF8AD
VariantCopy.OLEAUT32(006BFA64,00000000), ref: 006BF8B1
VariantClear.OLEAUT32(?), ref: 006BF8BB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: bd011b1f036fa5d6445bcafc6824f52ae4171cf3a22a7894a9852c933dcd82e8
Instruction ID: 3c7dc53f4a25a2aa92e836d657038723f30d002a5b68d22b558c5ad603d57002
Opcode Fuzzy Hash: bd011b1f036fa5d6445bcafc6824f52ae4171cf3a22a7894a9852c933dcd82e8
Instruction Fuzzy Hash: 4551D871900310BACF646B65DC95BA9B3E7EF45710B20947BE905DF2A1DB708C81CB9A

Function 006D910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 006D94E5
_wcslen.LIBCMT ref: 006D9506
_wcslen.LIBCMT ref: 006D952D
GetSaveFileNameW.COMDLG32(00000058), ref: 006D9585

Strings

X, xrefs: 006D9412

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: b755bb9db944a1c083c2dd7eed823a72ea2dc21bedeb45d57c76c9ef2afee9aa
Instruction ID: 0d52f7d045e7a417f4f26b961642c245cae3c71218c4ec2ac0a48f8bc7ed9d85
Opcode Fuzzy Hash: b755bb9db944a1c083c2dd7eed823a72ea2dc21bedeb45d57c76c9ef2afee9aa
Instruction Fuzzy Hash: AFE1B531904340DFD764EF24C881A6AB7E6BF85314F14896DF8899B3A2DB31DD05CBA5

Function 0067920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

BeginPaint.USER32(?,?,?), ref: 00679241
GetWindowRect.USER32(?,?), ref: 006792A5
ScreenToClient.USER32(?,?), ref: 006792C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006792D3
EndPaint.USER32(?,?,?,?,?), ref: 00679321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006B71EA

Part of subcall function 00679339: BeginPath.GDI32(00000000), ref: 00679357

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 730cf408954c710a3900013c189ec5d5b892e449347fee79072649e76ddb9cb4
Instruction ID: 2ff7d99010ccdc2fdf8dcca6048ad8740cd124c14bdd4d77c5e0fd14f2208ab6
Opcode Fuzzy Hash: 730cf408954c710a3900013c189ec5d5b892e449347fee79072649e76ddb9cb4
Instruction Fuzzy Hash: BD41B270104200AFE710DF24CC84FBA7BFAEB85331F144269F969872A2C731A945DB71

Function 006D07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 006D080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 006D0847
EnterCriticalSection.KERNEL32(?), ref: 006D0863
LeaveCriticalSection.KERNEL32(?), ref: 006D08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 006D08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 006D0921

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 50b91dda2395a9de8a893101e190ae44ff0d36a376554a1c1c5743bb5d7ba5bc
Instruction ID: a1d9712293c1d4f252a7267229c1e2c323a7d5aebc65056d6f8575700d414923
Opcode Fuzzy Hash: 50b91dda2395a9de8a893101e190ae44ff0d36a376554a1c1c5743bb5d7ba5bc
Instruction Fuzzy Hash: 10415C71900209EBEF14EF54DC85AAA777AFF04310F1480A9ED049E297DB70DE65DBA4

Function 006F81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,006BF3AB,00000000,?,?,00000000,?,006B682C,00000004,00000000,00000000), ref: 006F824C
EnableWindow.USER32(?,00000000), ref: 006F8272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 006F82D1
ShowWindow.USER32(?,00000004), ref: 006F82E5
EnableWindow.USER32(?,00000001), ref: 006F830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 006F832F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: d2ac4972d799ad626cd9adceff7c2d0931cd1d2c6378b694415277ba359ad234
Instruction ID: 48a7ac3a835d35bf3c8488ae4deaeea6fe23d3d7c7b4d1bdbf9cadb559b0ebea
Opcode Fuzzy Hash: d2ac4972d799ad626cd9adceff7c2d0931cd1d2c6378b694415277ba359ad234
Instruction Fuzzy Hash: 9F41923060164CEFDB11CF54C899BF87BE2BB0A715F1851E9E6084B272CB31B945CB94

Function 006C4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 006C4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 006C4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 006C4CEA
_wcslen.LIBCMT ref: 006C4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 006C4D10
_wcsstr.LIBVCRUNTIME ref: 006C4D1A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: a4c4982d20b988cde17e11065d19b45c1bb7d6d267dba624b07a2eaa76b795e7
Instruction ID: 4c26439b82080cf0dbc61d2e1f4c85603b6b7cba0b8e84c5bab953324b2f6d33
Opcode Fuzzy Hash: a4c4982d20b988cde17e11065d19b45c1bb7d6d267dba624b07a2eaa76b795e7
Instruction Fuzzy Hash: AE21FC316041057BEB15AB39DD59F7B7B9EDF45760F10802DF809CA191EE61DC01D7A0

Function 006D581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00663AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00663A97,?,?,00662E7F,?,?,?,00000000), ref: 00663AC2

_wcslen.LIBCMT ref: 006D587B
CoInitialize.OLE32(00000000), ref: 006D5995
CoCreateInstance.OLE32(006FFCF8,00000000,00000001,006FFB68,?), ref: 006D59AE
CoUninitialize.OLE32 ref: 006D59CC

Strings

.lnk, xrefs: 006D5876, 006D58C1, 006D5985

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 9f4c929b9d87376ca5da2734c89ac57538e1a9ddbb7e6e2da8c9a633ee6de9bc
Instruction ID: 35906c8b6a88b7a81db077ba155b9503b59bfab35248c701b2479d7870cffe09
Opcode Fuzzy Hash: 9f4c929b9d87376ca5da2734c89ac57538e1a9ddbb7e6e2da8c9a633ee6de9bc
Instruction Fuzzy Hash: 49D14471A047019FC714DF24C49096ABBE6FF89724F14895EF88A9B361DB31EC45CB92

Function 006C175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 006C0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006C0FCA
Part of subcall function 006C0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006C0FD6
Part of subcall function 006C0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006C0FE5
Part of subcall function 006C0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006C0FEC
Part of subcall function 006C0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006C1002

GetLengthSid.ADVAPI32(?,00000000,006C1335), ref: 006C17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 006C17BA
HeapAlloc.KERNEL32(00000000), ref: 006C17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 006C17DA
GetProcessHeap.KERNEL32(00000000,00000000,006C1335), ref: 006C17EE
HeapFree.KERNEL32(00000000), ref: 006C17F5

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 92d33fa9ea34ccc45817f735ebd2991c7bfae4c03255485be54c6797a59fd802
Instruction ID: 702614b57b2227070154f5c18c942e4c63f30c1f0e6dbe0c1ba560c148731ff5
Opcode Fuzzy Hash: 92d33fa9ea34ccc45817f735ebd2991c7bfae4c03255485be54c6797a59fd802
Instruction Fuzzy Hash: 22115931500209EFDB109BA4CD49FFE7BAAEF46365F10441CE4819B211D736AA55DBA0

Function 006C14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006C14FF
OpenProcessToken.ADVAPI32(00000000), ref: 006C1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006C1515
CloseHandle.KERNEL32(00000004), ref: 006C1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006C154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 006C1563

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: ed6e1d9f514ea5fb50d680fe587ffd171d63df5222974dc2cceef6a8cf5bee63
Instruction ID: a94d064ad6e07af22886508517f792a3b59d3deb777d5c2b7c0c295c876cfd17
Opcode Fuzzy Hash: ed6e1d9f514ea5fb50d680fe587ffd171d63df5222974dc2cceef6a8cf5bee63
Instruction Fuzzy Hash: F3116D7250020DABDF11CF94DE49FEE7BAAEF4A754F044018FA05A6160C372CE65EB60

Function 00683382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00683379,00682FE5), ref: 00683390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0068339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006833B7
SetLastError.KERNEL32(00000000,?,00683379,00682FE5), ref: 00683409

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 08aaf63c73f61d3a6e1ae1797078db90aa84274f61611a0a56a8e7a2df95a400
Instruction ID: 4334ccbe2ff3c6d2a27abfbe8a823fea8b2a159cf2ef7d45d1253f13fd4a5878
Opcode Fuzzy Hash: 08aaf63c73f61d3a6e1ae1797078db90aa84274f61611a0a56a8e7a2df95a400
Instruction Fuzzy Hash: AD01B533609331BFAB7537786C859AA2A96EB25B75720432DF410853F1EF154D025788

Function 00692D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00695686,006A3CD6,?,00000000,?,00695B6A,?,?,?,?,?,0068E6D1,?,00728A48), ref: 00692D78
_free.LIBCMT ref: 00692DAB
_free.LIBCMT ref: 00692DD3
SetLastError.KERNEL32(00000000,?,?,?,?,0068E6D1,?,00728A48,00000010,00664F4A,?,?,00000000,006A3CD6), ref: 00692DE0
SetLastError.KERNEL32(00000000,?,?,?,?,0068E6D1,?,00728A48,00000010,00664F4A,?,?,00000000,006A3CD6), ref: 00692DEC
_abort.LIBCMT ref: 00692DF2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 6f6b3073ddab0a8b90fdbdcdfc619e51801c4f02b36be7f30180c56a39524a40
Instruction ID: 0bf6891f7be22e75d1ad8a19b545897f6424dfeb07df8ea615a22d0b00d5df2e
Opcode Fuzzy Hash: 6f6b3073ddab0a8b90fdbdcdfc619e51801c4f02b36be7f30180c56a39524a40
Instruction Fuzzy Hash: 17F0283250460277CF626334BC36E6F255FAFC17B0F20401DF824D2ED2EE24880651A4

Function 006F8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00679639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796A2
Part of subcall function 00679639: BeginPath.GDI32(?), ref: 006796B9
Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 006F8A4E
LineTo.GDI32(?,00000003,00000000), ref: 006F8A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 006F8A70
LineTo.GDI32(?,00000000,00000003), ref: 006F8A80
EndPath.GDI32(?), ref: 006F8A90
StrokePath.GDI32(?), ref: 006F8AA0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 63a6ec85ee43f7e4b559baf06059c95193c135811e68a0eff4a8bc44d28974ae
Instruction ID: 0f770a31647b35152080ad033d291129deb28c377ca77c3b1e36c16a37a5f79a
Opcode Fuzzy Hash: 63a6ec85ee43f7e4b559baf06059c95193c135811e68a0eff4a8bc44d28974ae
Instruction Fuzzy Hash: 1B110C7600014DFFEB119F90DC48EAA7F6DEB04364F008052BA1996161C7729D55DB60

Function 006C51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 006C5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 006C5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 006C5230
ReleaseDC.USER32(00000000,00000000), ref: 006C5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 006C524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 006C5261

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 097f2cda054803bef38ff852ff838eeff8c21462c21dc17e33c917c5b39e3ff0
Instruction ID: e3a7fba895dffde2b661773598a2305132ae3ef26d84159e2809c9279542067a
Opcode Fuzzy Hash: 097f2cda054803bef38ff852ff838eeff8c21462c21dc17e33c917c5b39e3ff0
Instruction Fuzzy Hash: 11018475A04708BBEB109BA59D49F6EBFB9EB44361F044065FA05E7380DA709900CB60

Function 00661BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00661BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00661BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00661C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00661C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00661C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00661C22

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 2ae9f83fbf093dfe0343a59c2dc6071ecc71f44498094d9a131853c7f9876228
Instruction ID: b4081a0fd309a50a30a59c8250489170e6133683d2d63b5769ac73df6852effe
Opcode Fuzzy Hash: 2ae9f83fbf093dfe0343a59c2dc6071ecc71f44498094d9a131853c7f9876228
Instruction Fuzzy Hash: F4016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5

Function 006CEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 006CEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 006CEB46
GetWindowThreadProcessId.USER32(?,?), ref: 006CEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006CEB75

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 0be96f6d2ee06a8499343b7f1f2adef0f68bbf30f01c21bdef651527a4f2e297
Instruction ID: aba954e36eedd48f1d7c4986f88b599d71dc8aaed8044b2e3781f38e4f693a24
Opcode Fuzzy Hash: 0be96f6d2ee06a8499343b7f1f2adef0f68bbf30f01c21bdef651527a4f2e297
Instruction Fuzzy Hash: 87F03A7224055CBBE7219B629E0EEFF3A7DEFCBB21F001158F601D1191DBA05A01D6B5

Function 006B7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 006B7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 006B7469
GetWindowDC.USER32(?), ref: 006B7475
GetPixel.GDI32(00000000,?,?), ref: 006B7484
ReleaseDC.USER32(?,00000000), ref: 006B7496
GetSysColor.USER32(00000005), ref: 006B74B0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: dfbd650b70474ac875dff95ba68d3c1d5c0dfcb2cd359ac192c910794bd4ce43
Instruction ID: bf665514ceb7f903e973d9230785fb384b9fe3378e07c9741d5c0571f846249a
Opcode Fuzzy Hash: dfbd650b70474ac875dff95ba68d3c1d5c0dfcb2cd359ac192c910794bd4ce43
Instruction Fuzzy Hash: 2B018B31404209EFEB105F64DD08BFE7BB6FB04322F605060F915A22A0CB312E51EB10

Function 006C1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 006C187F
UnloadUserProfile.USERENV(?,?), ref: 006C188B
CloseHandle.KERNEL32(?), ref: 006C1894
CloseHandle.KERNEL32(?), ref: 006C189C
GetProcessHeap.KERNEL32(00000000,?), ref: 006C18A5
HeapFree.KERNEL32(00000000), ref: 006C18AC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: ac9c4ac9dc297c2134e3036065104849c5b331d4d875043eb898665040b695be
Instruction ID: 1924fc672279b3fd904e823349576bd15347ec2f26a3c79a4d4b4ac35a341f86
Opcode Fuzzy Hash: ac9c4ac9dc297c2134e3036065104849c5b331d4d875043eb898665040b695be
Instruction Fuzzy Hash: 61E0E536004909BBDB01AFA1EE0CD1ABF3AFF4AB32B109220F22581070CB329430EF50

Function 0066BBE0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 232COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0066BEB3

Strings

D%s, xrefs: 0066BCA2
D%s, xrefs: 0066BDED, 0066BD91, 0066BD1B
D%sD%s, xrefs: 0066BCA5
D%s, xrefs: 0066BE9A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: D%s$D%s$D%s$D%sD%s
API String ID: 1385522511-2682592477
Opcode ID: b1589c63d0b4f11b73faafa1d709ddc4eb009620c919eb7b98a187185417a607
Instruction ID: 7b14ba81f19be18ade62e240816429c707eed32122a08de2dd63deedffe367a3
Opcode Fuzzy Hash: b1589c63d0b4f11b73faafa1d709ddc4eb009620c919eb7b98a187185417a607
Instruction Fuzzy Hash: 5F913A75A0021ADFCB18CF59C0906AABBF2FF58314F249169D945EB351E731EE82CB90

Function 006E7B7E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00680242: EnterCriticalSection.KERNEL32(0073070C,00731884,?,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068024D
Part of subcall function 00680242: LeaveCriticalSection.KERNEL32(0073070C,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068028A

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9

__Init_thread_footer.LIBCMT ref: 006E7BFB

Part of subcall function 006801F8: EnterCriticalSection.KERNEL32(0073070C,?,?,00678747,00732514), ref: 00680202
Part of subcall function 006801F8: LeaveCriticalSection.KERNEL32(0073070C,?,00678747,00732514), ref: 00680235

Strings

5, xrefs: 006E7C78
G, xrefs: 006E7C7F
+Tk, xrefs: 006E7E2E
Variable must be of type 'Object'., xrefs: 006E7C3A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: +Tk$5$G$Variable must be of type 'Object'.
API String ID: 535116098-3356992489
Opcode ID: 25f703cd0c75659b4b7dccbc9eb30e65b2aab03e49e732c9aeff533560fe7769
Instruction ID: 0a748457d1797dd4ab97e87b7e5d1a8d34bb54968a4f8d225a84df9d8706fae8
Opcode Fuzzy Hash: 25f703cd0c75659b4b7dccbc9eb30e65b2aab03e49e732c9aeff533560fe7769
Instruction Fuzzy Hash: 5D919970A05249EFCB14EF96D9919ADB7B7EF48300F20805DF806AB392DB71AE41CB55

Function 006CC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006CC6EE
_wcslen.LIBCMT ref: 006CC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006CC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 006CC7CA

Strings

0, xrefs: 006CC6AF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: ca328f7948336ceb1d7985dad38b8ffdb4119bc633bbb3693b1480edfa7f531f
Instruction ID: 6f7efd73b1b2b47e93e30a183fcf5f1a74b8e612d58ffbbcae999ab76b916eba
Opcode Fuzzy Hash: ca328f7948336ceb1d7985dad38b8ffdb4119bc633bbb3693b1480edfa7f531f
Instruction Fuzzy Hash: CB51DE716043009BD7509F28C985FBBB7EAEF49320F040A2DF999E32A1DB74D804CB66

Function 006EAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 006EAEA3

Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625

GetProcessId.KERNEL32(00000000), ref: 006EAF38
CloseHandle.KERNEL32(00000000), ref: 006EAF67

Strings

@, xrefs: 006EAE72
<, xrefs: 006EAE6B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: e179ab7c4384d6597a77fac875a0eed9116787fa8911e6790b0d182dfd602a58
Instruction ID: 7396a3e04b6252fa054e9d0c5c112e384d0c08c089004013959385862b16db45
Opcode Fuzzy Hash: e179ab7c4384d6597a77fac875a0eed9116787fa8911e6790b0d182dfd602a58
Instruction Fuzzy Hash: BD718770A00659DFCB14DFA5C484A9EBBF2BF08314F04849DE856AB3A2CB70ED45CB95

Function 006C719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006C7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006C723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006C724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006C72CF

Strings

DllGetClassObject, xrefs: 006C7242

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 6c09e11bf0970c67a22ca1c62958eda5ed23dd17148d078278857a46996b70ae
Instruction ID: dea6399b02b0358e4d761201d5ce7335b1014b6b547a3f5be8d7545ae05d816d
Opcode Fuzzy Hash: 6c09e11bf0970c67a22ca1c62958eda5ed23dd17148d078278857a46996b70ae
Instruction Fuzzy Hash: 3C413BB1A04204AFDB15CF54C884FAA7BAAEF54310F2480ADFD059F20AD7B5DA45CFA0

Function 006F3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006F3E35
IsMenu.USER32(?), ref: 006F3E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 006F3E92
DrawMenuBar.USER32 ref: 006F3EA5

Strings

0, xrefs: 006F3D89

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 1ed5463de5bc473989170cc41069b4d5c8176aeaf0ff88b56a04df457ce94596
Instruction ID: 0a2863ef792f9ed604e5cb3e7b1c00b066a295fc9e1f36781646a93beca34931
Opcode Fuzzy Hash: 1ed5463de5bc473989170cc41069b4d5c8176aeaf0ff88b56a04df457ce94596
Instruction Fuzzy Hash: EF413675A0021DAFDF10DF50D884AEABBBAFF49364F04412AEA05A7350D730AE55CF50

Function 006C1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 006C1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 006C1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 006C1EA9

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

Strings

ComboBox, xrefs: 006C1DF0
ListBox, xrefs: 006C1E25

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: abca8920b1d0a4ecd5aa10f8a80752265a9f7543e52c8eb9f204a087e8c53515
Instruction ID: c12a062bd6fcc64cc1adcac74d84553ea9e1721b51540869d49814095c3dfa43
Opcode Fuzzy Hash: abca8920b1d0a4ecd5aa10f8a80752265a9f7543e52c8eb9f204a087e8c53515
Instruction Fuzzy Hash: BF21F371A00108BADB14AB64DD45DFFB7BADF4B360B10811DF825EB2E2DB74490AD620

Function 006EC9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006EC9F1
_wcslen.LIBCMT ref: 006ECA68
_wcslen.LIBCMT ref: 006ECA9E
_wcslen.LIBCMT ref: 006ECAF9
_wcslen.LIBCMT ref: 006ECB2F
_wcslen.LIBCMT ref: 006ECB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 006ECA62, 006ECA67
HKLM, xrefs: 006ECA98, 006ECA9D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: ff38aaa4cb9e7a11aede76943fb28c378b1790fb3d9eccb11caa25b9997a605d
Instruction ID: 0997aa5a6a6938e2f7529bd3e5f6dd1a3ee42d6db4a6cf8f8c005a27a53c9152
Opcode Fuzzy Hash: ff38aaa4cb9e7a11aede76943fb28c378b1790fb3d9eccb11caa25b9997a605d
Instruction Fuzzy Hash: 1B31F573A023EA4BCB24EF2ED9404FE33935BA1760B154039E855AB344EA71CD42D3A0

Function 006F2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 006F2F8D
LoadLibraryW.KERNEL32(?), ref: 006F2F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 006F2FA9
DestroyWindow.USER32(?), ref: 006F2FB1

Strings

SysAnimate32, xrefs: 006F2F68

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 2ac664f9f686add7b494eb861eec2264e4732f25d39a26d6f20c488a9250ebe9
Instruction ID: 2f55b940da8b1f85bc2caed171f18faf900ff09ce7f084daa4d3df1bda7cb9a2
Opcode Fuzzy Hash: 2ac664f9f686add7b494eb861eec2264e4732f25d39a26d6f20c488a9250ebe9
Instruction Fuzzy Hash: 8121CD7126520EABEB104FA4DCA0EFB37BEEB59774F104628FA50D22A0D771DC519B60

Function 00684D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00684D1E,006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002), ref: 00684D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00684DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00684D1E,006928E9,?,00684CBE,006928E9,007288B8,0000000C,00684E15,006928E9,00000002,00000000), ref: 00684DC3

Strings

mscoree.dll, xrefs: 00684D86
CorExitProcess, xrefs: 00684D98

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 324e2e65954f1a3f5a78a9d493368e8a75b1f74e59f6dcf8cb7f2a11d4b7b647
Instruction ID: 1d564d7b26385aad9a32a5cbc888d162cb9b6e39391962c48a991b924ba6169b
Opcode Fuzzy Hash: 324e2e65954f1a3f5a78a9d493368e8a75b1f74e59f6dcf8cb7f2a11d4b7b647
Instruction Fuzzy Hash: 15F03C35A40209ABDB11AB90DD49BEDBBB6EF44761F0002A8A805A26A0DF745954CB95

Function 00664E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00664EAE
FreeLibrary.KERNEL32(00000000,?,?,00664EDD,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 00664EA8
kernel32.dll, xrefs: 00664E94

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 278fadac5212917d026bf08a2f858230d586c0113f5027cb3c72194fc10239de
Instruction ID: 3d1228a2f31e8a266ade925a07d2a3111fba3e589e1aa8e9f144cf0e38a31331
Opcode Fuzzy Hash: 278fadac5212917d026bf08a2f858230d586c0113f5027cb3c72194fc10239de
Instruction Fuzzy Hash: CCE08C36A026265BD3225B25AD18ABB6A6AAF81B72B051115FD04E2204DF64CD1580A0

Function 00664E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00664E74
FreeLibrary.KERNEL32(00000000,?,?,006A3CDE,?,00731418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00664E87

Strings

kernel32.dll, xrefs: 00664E5B
Wow64RevertWow64FsRedirection, xrefs: 00664E6E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 04fbc64e68c4d9d0ddcf6fcf1dcbf50a8032260eae97a07be306860a93cee637
Instruction ID: 07c9fb94ec6c9e344cd9a01c61f14e885749936ec19de283444e81c002aa3695
Opcode Fuzzy Hash: 04fbc64e68c4d9d0ddcf6fcf1dcbf50a8032260eae97a07be306860a93cee637
Instruction Fuzzy Hash: BAD05B395026367BD7325B257D1CDEF6A1BAF85F713050515F905E2214CF65CE11C5D0

Function 006D2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2C05
DeleteFileW.KERNEL32(?), ref: 006D2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006D2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006D2CC0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 3196028b1430eef014313f13cdf2a51f47dc3ff825c04e6454aa885a342dc593
Instruction ID: 240065f31bfe0405e86e09ab40b1510d8d6ee496796b1002fab84659aa1927f0
Opcode Fuzzy Hash: 3196028b1430eef014313f13cdf2a51f47dc3ff825c04e6454aa885a342dc593
Instruction Fuzzy Hash: B7B16F71D00119ABDF61EBA4CC95EDEB77EEF58310F1040AAF609E7241EA319E448F65

Function 006EA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 006EA427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006EA435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 006EA468
CloseHandle.KERNEL32(?), ref: 006EA63D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: ec7134cfd8f61d7d3d79d032c25f848d82e9c2165bcec793c1250e3e0b745abd
Instruction ID: 914747168f03359bd3773e8e17f345f8746cc5ec3da40b1b10daab6e73b7beb0
Opcode Fuzzy Hash: ec7134cfd8f61d7d3d79d032c25f848d82e9c2165bcec793c1250e3e0b745abd
Instruction Fuzzy Hash: 07A1AD716043009FE720DF25C886B2AB7E6AF84714F14885DF59ADB392DBB0EC41CB96

Function 006CE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006CCF22,?), ref: 006CDDFD

Part of subcall function 006CDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006CCF22,?), ref: 006CDE16

Part of subcall function 006CE199: GetFileAttributesW.KERNEL32(?,006CCF95), ref: 006CE19A

lstrcmpiW.KERNEL32(?,?), ref: 006CE473
MoveFileW.KERNEL32(?,?), ref: 006CE4AC
_wcslen.LIBCMT ref: 006CE5EB
_wcslen.LIBCMT ref: 006CE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 006CE650

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: f3ff40d941e20dd19342220e363575ee492a5f6dbd30563d44d1b4c1ba3119b6
Instruction ID: 4d1dce47f1663729e1046bad336b3e4a21ad43ba69120b0d6189cf373a9828fe
Opcode Fuzzy Hash: f3ff40d941e20dd19342220e363575ee492a5f6dbd30563d44d1b4c1ba3119b6
Instruction Fuzzy Hash: A95184B24087455BC764EB90C881EEF73EEEF85340F00491EF589D3191EF75A688876A

Function 006EB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006EC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,006EB6AE,?,?), ref: 006EC9B5
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006EC9F1
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA68
Part of subcall function 006EC998: _wcslen.LIBCMT ref: 006ECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 006EBAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 006EBB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 006EBB63
RegCloseKey.ADVAPI32(?,?), ref: 006EBBA6
RegCloseKey.ADVAPI32(00000000), ref: 006EBBB3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 02ce8c1ce8d87cb3a86f7eb42852d09c1457a4aa44413d74abb37c99ad3fb076
Instruction ID: 78d3ba18282b0f8c28a61d342013cc7712fb66cca05abb905ca9bb5f15ef05f3
Opcode Fuzzy Hash: 02ce8c1ce8d87cb3a86f7eb42852d09c1457a4aa44413d74abb37c99ad3fb076
Instruction Fuzzy Hash: A8615C31209341AFD714DF15C490E6ABBE6FF84318F14996CF4998B2A2DB31ED46CB92

Function 006C8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 006C8BCD
VariantClear.OLEAUT32 ref: 006C8C3E
VariantClear.OLEAUT32 ref: 006C8C9D
VariantClear.OLEAUT32(?), ref: 006C8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006C8D3B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 204c01c20dd70fc70b42b417a29f764856348895617c8b2deb4cc5221693d444
Instruction ID: 649ca378d83770b29b46a015e31ffeebcfd8022a2b2206ab865511c2ba5c6585
Opcode Fuzzy Hash: 204c01c20dd70fc70b42b417a29f764856348895617c8b2deb4cc5221693d444
Instruction Fuzzy Hash: 995159B5A00619EFCB14CF68D894EAAB7F9FF89310B158559E906DB350E730E911CB90

Function 006D8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006D8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 006D8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006D8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006D8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006D8C5F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: fbe57fc72574408314475c1b8d5d82a0d053421004708ad0b5fc63c6e5b32080
Instruction ID: 049a260cc9e8f8c252731f5fb8631f3b13fb3decd6277b785c4549895b07c50b
Opcode Fuzzy Hash: fbe57fc72574408314475c1b8d5d82a0d053421004708ad0b5fc63c6e5b32080
Instruction Fuzzy Hash: 5B515D35A00214DFCB04DF64C885EA9BBF6FF48314F088499E84AAB362DB31ED51CB94

Function 006E8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 006E8F40
GetProcAddress.KERNEL32(00000000,?), ref: 006E8FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 006E8FEC
GetProcAddress.KERNEL32(00000000,?), ref: 006E9032
FreeLibrary.KERNEL32(00000000), ref: 006E9052

Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,006D1043,?,753CE610), ref: 0067F6E6
Part of subcall function 0067F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,006BFA64,00000000,00000000,?,?,006D1043,?,753CE610,?,006BFA64), ref: 0067F70D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: e73be0bae4976623d468cbf4663b52ddab94435cc9c482cd2a0a1d0faf2606cd
Instruction ID: 0ff216f613f76f7516f0088beaf058dbdb8f639d8657069ad5c8bdb75f74f852
Opcode Fuzzy Hash: e73be0bae4976623d468cbf4663b52ddab94435cc9c482cd2a0a1d0faf2606cd
Instruction Fuzzy Hash: 81514A35601245DFCB15DF59C4948EDBBF2FF49324B0480A9E80AAB362DB31ED86CB90

Function 006F6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 006F6C33
SetWindowLongW.USER32(?,000000EC,?), ref: 006F6C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 006F6C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,006DAB79,00000000,00000000), ref: 006F6C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 006F6CC7

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 58130b69b01e3b8b7efc0dd43ae0ab014ea970e9338d83f189411c4cb5483dad
Instruction ID: 41b78ba32bc21977e83811c248bbd02bb68a5df55fe28aedc9b3319ed85f779f
Opcode Fuzzy Hash: 58130b69b01e3b8b7efc0dd43ae0ab014ea970e9338d83f189411c4cb5483dad
Instruction Fuzzy Hash: FD41AD35A0410CAFDB24CF68CD59FF97BA6EB09360F150268FA99E73A1C371AD51CA40

Function 00692051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 006920C3
_free.LIBCMT ref: 006920E3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 07e7d12103b52150bd147d27670d75bcdf16cadbaa0333b9020381b32d6196ec
Instruction ID: df8156e0e2517f735accb9d25d6afd47c84696bd32a64d5907dd180a285d9963
Opcode Fuzzy Hash: 07e7d12103b52150bd147d27670d75bcdf16cadbaa0333b9020381b32d6196ec
Instruction Fuzzy Hash: 6741E432A00201AFCF20DF78C890A9DB7AAEF88314F158568E615EB751D631AD01CB80

Function 0067912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00679141
ScreenToClient.USER32(00000000,?), ref: 0067915E
GetAsyncKeyState.USER32(00000001), ref: 00679183
GetAsyncKeyState.USER32(00000002), ref: 0067919D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 965fefad7b3019e41d71cf8ff78aaeed950a9d3d7a6599808b586beab6be0af1
Instruction ID: 6f7d84c0806528fa62aa0a3014b4aeb892b2a3bc1c10bf4a985b56c0745c28d5
Opcode Fuzzy Hash: 965fefad7b3019e41d71cf8ff78aaeed950a9d3d7a6599808b586beab6be0af1
Instruction Fuzzy Hash: A441607190850BBBDF159F68C844BFEB7B6FB45324F248219E429A7290C73459A4CF61

Function 006D3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 006D38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 006D3922
TranslateMessage.USER32(?), ref: 006D394B
DispatchMessageW.USER32(?), ref: 006D3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D3966

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: a19603784f1fd3cfc0c48f86eff6f0550126ef4422f8cd522c5e0da5883267ac
Instruction ID: 779df7ea51b098f2f5b29f6e407140daafc215f9d5930b621b907fd655bce826
Opcode Fuzzy Hash: a19603784f1fd3cfc0c48f86eff6f0550126ef4422f8cd522c5e0da5883267ac
Instruction Fuzzy Hash: AA31F770D043559EFB35CB349858BF637AAAB05311F44446FE462CA3A0F3F8A685DB16

Function 006DCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 006DCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,006DC21E,00000000), ref: 006DCFF2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 5bfe4460f277b28298adef70a0bfeabbbde6cc3031d37a4f2b11d0578c1f8321
Instruction ID: 82e559052b3e1bf0970d3fd8c4a237ac172b923c6f64a23172fb5f9921ebeaab
Opcode Fuzzy Hash: 5bfe4460f277b28298adef70a0bfeabbbde6cc3031d37a4f2b11d0578c1f8321
Instruction Fuzzy Hash: DD312D7190460AAFDB20DFA5C9849EABBFBEF54361B10842EF516D2351DB30AE41DB60

Function 006C1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 006C1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 006C19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 006C19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 006C19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 006C19E2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: ffeed3d7dfc8c67c04ff326ac3a556b7ac471a7e8c6e131f75f92a7b21efcfbe
Instruction ID: d934124aa58bc90410f56458db7dcd4e5e8bcb26dfb990855b67831e6319283b
Opcode Fuzzy Hash: ffeed3d7dfc8c67c04ff326ac3a556b7ac471a7e8c6e131f75f92a7b21efcfbe
Instruction Fuzzy Hash: 9931AF71900219EFCB10CFA8C999BEE7BB6EB46325F104229F921AB2D1C7709954DB90

Function 006F5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 006F5745
SendMessageW.USER32(?,00001074,?,00000001), ref: 006F579D
_wcslen.LIBCMT ref: 006F57AF
_wcslen.LIBCMT ref: 006F57BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 006F5816

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: dd75cbdf0e089295833bf0d936a0c3c2dca3cefbba22a3983f227f6e70c9d486
Instruction ID: 160cfccf8fda4f3b0919944a2ed0bd60fe99b47025bc800bed40466b64cda137
Opcode Fuzzy Hash: dd75cbdf0e089295833bf0d936a0c3c2dca3cefbba22a3983f227f6e70c9d486
Instruction Fuzzy Hash: 9A21857190461C9ADB209F64CC85AFD77BAFF04724F108216EB2AEA284D7708D85CF50

Function 006E0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 006E0951
GetForegroundWindow.USER32 ref: 006E0968
GetDC.USER32(00000000), ref: 006E09A4
GetPixel.GDI32(00000000,?,00000003), ref: 006E09B0
ReleaseDC.USER32(00000000,00000003), ref: 006E09E8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 0c6db85401c43133bbd718ef088223a6725b215ca813b5d1f00c46da48f3788b
Instruction ID: 9026121fdf3166060dcac80c0cc03dae1a24b1a9fa5325f24e9400f9f4b95fbc
Opcode Fuzzy Hash: 0c6db85401c43133bbd718ef088223a6725b215ca813b5d1f00c46da48f3788b
Instruction Fuzzy Hash: 95218135A00204AFD744EF65D985AAEBBE6EF45710F04846DE84AD7362DB70AC44CB90

Function 0069CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0069CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0069CDE9

Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0069CE0F
_free.LIBCMT ref: 0069CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0069CE31

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: ea9e2123344e1a6cb417d1ca3c0d37293dcd31731a2638f8b41c3229dc38930e
Instruction ID: 42a9d488196ee41372bad966690834b143643a4d3e4493085f5fc269344b1a09
Opcode Fuzzy Hash: ea9e2123344e1a6cb417d1ca3c0d37293dcd31731a2638f8b41c3229dc38930e
Instruction Fuzzy Hash: 8F01F7726012167FAB2156BA6C9CCBB796FDEC6BB1315012DFD06C7700EA608D02C2F4

Function 00679639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
SelectObject.GDI32(?,00000000), ref: 006796A2
BeginPath.GDI32(?), ref: 006796B9
SelectObject.GDI32(?,00000000), ref: 006796E2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 899a57c70647b84d7b5aa8f57d3189de19d92d7057c9775fedfff993e8c785b5
Instruction ID: 1ef51786fc22fb8fe614ff1f05fc46b24ae56b762fe8ef217d4e2e4474f54615
Opcode Fuzzy Hash: 899a57c70647b84d7b5aa8f57d3189de19d92d7057c9775fedfff993e8c785b5
Instruction Fuzzy Hash: 03218070802345EBFB11DF24DD14BE93BEABB41726F508316F414A62B0D375A891CBA8

Function 006C5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 006C5726
_memcmp.LIBVCRUNTIME ref: 006C5744
_memcmp.LIBVCRUNTIME ref: 006C5757
_memcmp.LIBVCRUNTIME ref: 006C576F
_memcmp.LIBVCRUNTIME ref: 006C5787

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: ddd3365850281f45bd105d3c5fa793debb22c01ba35e9c518d4789d66fe1bf6f
Instruction ID: cc8212905e050f950586bcb47511610463babc44f0c3ca7bf18538d03394d2c8
Opcode Fuzzy Hash: ddd3365850281f45bd105d3c5fa793debb22c01ba35e9c518d4789d66fe1bf6f
Instruction Fuzzy Hash: E2019262641619BB921866109E92FFB735FDF22394B004029FE069F241FA60FD9282B9

Function 00692DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0068F2DE,00693863,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6), ref: 00692DFD
_free.LIBCMT ref: 00692E32
_free.LIBCMT ref: 00692E59
SetLastError.KERNEL32(00000000,00661129), ref: 00692E66
SetLastError.KERNEL32(00000000,00661129), ref: 00692E6F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 0951780f15dfeff0bea382f12c9a656aa131d547b4893637144136c5bc6ee240
Instruction ID: 071b0a3e038c5bb2123650db2bf0184cadaa8389048b89b854bc4786f6482466
Opcode Fuzzy Hash: 0951780f15dfeff0bea382f12c9a656aa131d547b4893637144136c5bc6ee240
Instruction Fuzzy Hash: B701F4726056067BCF1267356CE6D7B269FAFD17B5B21402CF425A2B93EE648C0241A4

Function 006C000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?,?,006C035E), ref: 006C002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?), ref: 006C0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006BFF41,80070057,?,?), ref: 006C0070

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 2d936c48c3b34c07cff6db782bcfe9003c910a4134b382d8055a4f01010775d6
Instruction ID: 65bab9a643740dd7400aeb06135ecee52c97afaf3b746ab208844efe856f61ec
Opcode Fuzzy Hash: 2d936c48c3b34c07cff6db782bcfe9003c910a4134b382d8055a4f01010775d6
Instruction Fuzzy Hash: 53017472600208EBEB104F68DD08FBA7AAEEB487A2F155128F905D2210EB71DD408BA0

Function 006CE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 006CE997
QueryPerformanceFrequency.KERNEL32(?), ref: 006CE9A5
Sleep.KERNEL32(00000000), ref: 006CE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 006CE9B7
Sleep.KERNEL32 ref: 006CE9F3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 77fe3334644f95f814bb3f16e7c9617fbda25bf550d64aa47369ff7a5cc82e56
Instruction ID: bff0d4909efceb1836a3de3ac0d333f4bce3b690b722d10714f4c3b3324f44cf
Opcode Fuzzy Hash: 77fe3334644f95f814bb3f16e7c9617fbda25bf550d64aa47369ff7a5cc82e56
Instruction Fuzzy Hash: FB015331C0162DDBCF00EBE4D959AFDBB7AFF09310F00454AE902B2241CB399661CBA2

Function 006C10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006C1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006C0B9B,?,?,?), ref: 006C1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006C114D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: fb65eb4f81e650295e1780febb60d6ac98f3e507a84da7b90447fb40f61f96a3
Instruction ID: 99c167187e998b84770145d537aea750014b829a24f9dd46c9a5f8530795f7df
Opcode Fuzzy Hash: fb65eb4f81e650295e1780febb60d6ac98f3e507a84da7b90447fb40f61f96a3
Instruction Fuzzy Hash: 8B011975200209BFDB115FA5DD49EBA3B6FEF8A3A0B254419FA45D7360DB31DC10DA60

Function 006C0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006C0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006C0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006C0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006C0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006C1002

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: a54a6e1a58f5ca45cfae7a214bddf3ec5a964b89e568444bf58cbdc13200ecce
Instruction ID: 9aedf4a9c038fe8d8d325f5e46432dd4c83256e8fb647d212a7a4b0fdc5c9110
Opcode Fuzzy Hash: a54a6e1a58f5ca45cfae7a214bddf3ec5a964b89e568444bf58cbdc13200ecce
Instruction Fuzzy Hash: 7CF04F35200345ABD7214FA4DD4AFA63B6EEF8A761F114415F945CA351CE71DC50DA60

Function 006C1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006C102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006C1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006C104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1062

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 44db2a39ac255928e19e2293cf41029159bbd877034502f2b271d3daf44ed3a6
Instruction ID: aa418d2534976c346be700dcd7f97353488fe9a896bfa7f24ecf7592cbbf0520
Opcode Fuzzy Hash: 44db2a39ac255928e19e2293cf41029159bbd877034502f2b271d3daf44ed3a6
Instruction Fuzzy Hash: 40F04936240309ABDB215FA4ED49FA63BAEEF8A761F110418FA45CA351CE71D890DA60

Function 006D030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0324
CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0331
CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D033E
CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D034B
CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0358
CloseHandle.KERNEL32(?,?,?,?,006D017D,?,006D32FC,?,00000001,006A2592,?), ref: 006D0365

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ccf95eeb54e4de9d6475f0d75e6b91158514461c6dfaa2c38860d12d1e5d11bf
Instruction ID: 5e2bd53acbf8ad7968277827374c6668929a63b5941d5f6fe8e964624a5bf83f
Opcode Fuzzy Hash: ccf95eeb54e4de9d6475f0d75e6b91158514461c6dfaa2c38860d12d1e5d11bf
Instruction Fuzzy Hash: 7F01E272800B069FD7309F66D880852F7F6BF503153068A3FD19252A30C3B1A954CF80

Function 0069D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0069D752

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

_free.LIBCMT ref: 0069D764
_free.LIBCMT ref: 0069D776
_free.LIBCMT ref: 0069D788
_free.LIBCMT ref: 0069D79A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1e2398ae884b4f660116e3c80460a85d72229697a9654692634b7e4ebff057ef
Instruction ID: 930ff677e084c7e2f5bfcaa3446ad0a5fbe1f1d6d57bc3d372908a0c4aa18432
Opcode Fuzzy Hash: 1e2398ae884b4f660116e3c80460a85d72229697a9654692634b7e4ebff057ef
Instruction Fuzzy Hash: 23F01232544205BB8E62EBA5F9C5C5A77DFBB547107E54819F04CEBE01C734FC8086A8

Function 006C5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 006C5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 006C5C6F
MessageBeep.USER32(00000000), ref: 006C5C87
KillTimer.USER32(?,0000040A), ref: 006C5CA3
EndDialog.USER32(?,00000001), ref: 006C5CBD

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 3ff33b270523690b8e11e2fdbb19e4e96c53058e6243f6f86c2b332d89134c68
Instruction ID: afb5fc02a9c392d3e820e4950627490150108833b496cbb6016bbd3cbe418cd6
Opcode Fuzzy Hash: 3ff33b270523690b8e11e2fdbb19e4e96c53058e6243f6f86c2b332d89134c68
Instruction Fuzzy Hash: 50016230500B08ABEB206B14DE4EFF677BAFB00B05F00155DA593A10E1DBF0B988CA91

Function 006922A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 006922BE

Part of subcall function 006929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000), ref: 006929DE
Part of subcall function 006929C8: GetLastError.KERNEL32(00000000,?,0069D7D1,00000000,00000000,00000000,00000000,?,0069D7F8,00000000,00000007,00000000,?,0069DBF5,00000000,00000000), ref: 006929F0

_free.LIBCMT ref: 006922D0
_free.LIBCMT ref: 006922E3
_free.LIBCMT ref: 006922F4
_free.LIBCMT ref: 00692305

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e3e72a97030c59c265f2a4ca182b0f715ff018bae66bb142a446f06ba85f0fb2
Instruction ID: a3e1e8d8ddc4ff947fc5cf9c8c1c7ea606e7e21888ee281439d40e996ab1ec0a
Opcode Fuzzy Hash: e3e72a97030c59c265f2a4ca182b0f715ff018bae66bb142a446f06ba85f0fb2
Instruction Fuzzy Hash: 2AF05E70901522AB9E63EF55BC2184D3B6AF728B62740C50AF414D27B1C73C0912EFEC

Function 006795C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 006795D4
StrokeAndFillPath.GDI32(?,?,006B71F7,00000000,?,?,?), ref: 006795F0
SelectObject.GDI32(?,00000000), ref: 00679603
DeleteObject.GDI32 ref: 00679616
StrokePath.GDI32(?), ref: 00679631

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: a2b9bbddc4c88099166116796ae448718c0d2b9548d09336391fdb990efc325f
Instruction ID: 713b637bb74da11791a5011afacc6d0b4b06c83b968b5060882e6d097d11b1ff
Opcode Fuzzy Hash: a2b9bbddc4c88099166116796ae448718c0d2b9548d09336391fdb990efc325f
Instruction Fuzzy Hash: FEF01934005648EBEB129F65EE18BA43BA2AB01336F44C314F469551F0CB3999A6DF28

Function 00690F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 006910F9
__freea.LIBCMT ref: 00691117

Part of subcall function 00691537: _free.LIBCMT ref: 0069154F

Strings

a/p, xrefs: 006911DE
am/pm, xrefs: 0069117A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 9ebb7e18a5ed7b437ef78ff07b915c4314b67b6b3393b363bdea6728ea047aaf
Instruction ID: dc41e8b0b57bbcef6f3954ce52e87df1016920839cc11a71f3fb4c9c148dff03
Opcode Fuzzy Hash: 9ebb7e18a5ed7b437ef78ff07b915c4314b67b6b3393b363bdea6728ea047aaf
Instruction Fuzzy Hash: 01D1CD31A00207DADF299F68C855AFAB7BAEB07300F38415AE9159FF50D7359E81CB91

Function 006E61D0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 324COMMON

Download Yara Rule

APIs

Part of subcall function 00680242: EnterCriticalSection.KERNEL32(0073070C,00731884,?,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068024D
Part of subcall function 00680242: LeaveCriticalSection.KERNEL32(0073070C,?,0067198B,00732518,?,?,?,006612F9,00000000), ref: 0068028A

Part of subcall function 006800A3: __onexit.LIBCMT ref: 006800A9

__Init_thread_footer.LIBCMT ref: 006E6238

Part of subcall function 006801F8: EnterCriticalSection.KERNEL32(0073070C,?,?,00678747,00732514), ref: 00680202
Part of subcall function 006801F8: LeaveCriticalSection.KERNEL32(0073070C,?,00678747,00732514), ref: 00680235

Part of subcall function 006D359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 006D35E4
Part of subcall function 006D359C: LoadStringW.USER32(00732390,?,00000FFF,?), ref: 006D360A

Strings

x#s, xrefs: 006E636F
x#s, xrefs: 006E633A
x#s, xrefs: 006E6353

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
String ID: x#s$x#s$x#s
API String ID: 1072379062-3720613016
Opcode ID: 4c31647907cf43fb2d9645b28248034756f3f7b7f63ab93f34875e7a35e378ad
Instruction ID: f314076641f80c1583835688701db0a0a8587111d223df268a0761325b1cab65
Opcode Fuzzy Hash: 4c31647907cf43fb2d9645b28248034756f3f7b7f63ab93f34875e7a35e378ad
Instruction Fuzzy Hash: 98C18D71A00245AFDB14DF99C890EBEB7BAEF58340F10806DF9159B291DB70ED45CB90

Function 00695AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JOf, xrefs: 00695BA8, 00695C6C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: JOf
API String ID: 0-1367099043
Opcode ID: 871bd689812a4d876db279b95722256c3c27fa96759c7873490638d622ec6d7b
Instruction ID: 01f32bb7e4de9f50f7f1a2c0544931cfd8c8cfcbe090102ffe17e7ae3aceb8d6
Opcode Fuzzy Hash: 871bd689812a4d876db279b95722256c3c27fa96759c7873490638d622ec6d7b
Instruction Fuzzy Hash: C551B071D0060AEFDF22AFA4C855EEE7BBEAF05320F14015DF406A7691D7319A02CB65

Function 00698A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00698B6E
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00698B7A
__dosmaperr.LIBCMT ref: 00698B81

Strings

.h, xrefs: 00698A63

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr
String ID: .h
API String ID: 2434981716-3939481508
Opcode ID: f0c7af670a3f4d51262ef94409550a7549bf50277e2a790bae5fd4383464cbd5
Instruction ID: 1395fb6b6828f6ff9f6fb50f34727895d42e3134e13b6ca34c44c383143e6e75
Opcode Fuzzy Hash: f0c7af670a3f4d51262ef94409550a7549bf50277e2a790bae5fd4383464cbd5
Instruction Fuzzy Hash: FB416970604145AFDF249F64C890ABD7BEBEB87310F2C81A9E88587A46DE318C028794

Function 006C2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006CB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006C21D0,?,?,00000034,00000800,?,00000034), ref: 006CB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 006C2760

Part of subcall function 006CB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006C21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 006CB3F8

Part of subcall function 006CB32A: GetWindowThreadProcessId.USER32(?,?), ref: 006CB355
Part of subcall function 006CB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,006C2194,00000034,?,?,00001004,00000000,00000000), ref: 006CB365
Part of subcall function 006CB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,006C2194,00000034,?,?,00001004,00000000,00000000), ref: 006CB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006C27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006C281A

Strings

@, xrefs: 006C2832

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 8e9484d15c2f934bed8dcb9c9ed18727f40d96ccb74a1cc5d5dcc6f258a54efe
Instruction ID: d7dbc9146765fb681bb4b5fe869db84b76d2452a731879209973385b496982cd
Opcode Fuzzy Hash: 8e9484d15c2f934bed8dcb9c9ed18727f40d96ccb74a1cc5d5dcc6f258a54efe
Instruction Fuzzy Hash: A2413C72900218AFDB10DBA4CD96FEEBBB9EF09700F105059FA55B7181DB706E45CBA1

Function 0069172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00691769
_free.LIBCMT ref: 00691834
_free.LIBCMT ref: 0069183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00691760, 00691767, 00691796, 006917CE

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: d23a0d2acd89e008bf01dc4f4f85a0e477483f5562045869945b4671d30c3ab7
Instruction ID: c2ecd30027a86c3dac7bb951232ee080dc5d4f30b63c03141bd14c97b2303d05
Opcode Fuzzy Hash: d23a0d2acd89e008bf01dc4f4f85a0e477483f5562045869945b4671d30c3ab7
Instruction Fuzzy Hash: 5F31A271A0020AABDF21DB999981DDEBBFEEB86310B60416AF804DB711D6704E41DB94

Function 006CC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 006CC306
DeleteMenu.USER32(?,00000007,00000000), ref: 006CC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00731990,00CD5490), ref: 006CC395

Strings

0, xrefs: 006CC2DF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 14a936f5e0a7bd6dbc7aaa75cafcc19a57ad27ea535ff81289f2011f8e328d01
Instruction ID: aefcea0b73ae81e45ddf81d9a2dee33b0a584ffded06209dc4f679b748cce4d4
Opcode Fuzzy Hash: 14a936f5e0a7bd6dbc7aaa75cafcc19a57ad27ea535ff81289f2011f8e328d01
Instruction Fuzzy Hash: 54419F712043419FD720DF24E845F6ABBEAEF85320F04861EF8A9D7391D730A905CB66

Function 006F4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,006FCC08,00000000,?,?,?,?), ref: 006F44AA
GetWindowLongW.USER32 ref: 006F44C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F44D7

Strings

SysTreeView32, xrefs: 006F447C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: b61373041d98bc38f95e1b7d58c70a76ea5f250d5f103558db8cfc2e526e57d1
Instruction ID: 8149b8d5b26166440d41d511f4cd24b76ab0e2d5c19a4ece6383bfc354da60df
Opcode Fuzzy Hash: b61373041d98bc38f95e1b7d58c70a76ea5f250d5f103558db8cfc2e526e57d1
Instruction Fuzzy Hash: 79319031214609AFDB209E38DC45BEB77AAEB09334F205719FA75E22D0DB74EC519B50

Function 006C6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

SysReAllocString.OLEAUT32(?,?), ref: 006C6EED
VariantCopyInd.OLEAUT32(?,?), ref: 006C6F08
VariantClear.OLEAUT32(?), ref: 006C6F12

Strings

*jl, xrefs: 006C6E8B, 006C6E90, 006C6EF8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$AllocClearCopyString
String ID: *jl
API String ID: 2173805711-294499450
Opcode ID: 2600d33f1fdaeeeced98af0776228d4873245fbbe9d163a9a5075ee79c7205d7
Instruction ID: c888b0098fee8226719c15fec6c54a72063c3ef5dd86c23a6294825598f4dbc4
Opcode Fuzzy Hash: 2600d33f1fdaeeeced98af0776228d4873245fbbe9d163a9a5075ee79c7205d7
Instruction Fuzzy Hash: A9318171604245DBCB05AF65E851EBD37B7EF8A300B10049EFA228B2B1C7749952DB98

Function 006E304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 006E335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,006E3077,?,?), ref: 006E3378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 006E307A
_wcslen.LIBCMT ref: 006E309B
htons.WSOCK32(00000000,?,?,00000000), ref: 006E3106

Strings

255.255.255.255, xrefs: 006E3095, 006E309A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 66d04f3cfd990ba09ebeaaf19e39e462481a4d68eadb26b97dd6e07c23316bf6
Instruction ID: fc56ebfb2a7589cbcf9103f1ae68ceed2d2f9f8819d34b76cb0dfd2150f86176
Opcode Fuzzy Hash: 66d04f3cfd990ba09ebeaaf19e39e462481a4d68eadb26b97dd6e07c23316bf6
Instruction Fuzzy Hash: 8431E1352013959FCB20CF2AC589EEA77E2EF54318F248059E8158F392CB32EE45C760

Function 006F3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 006F3F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 006F3F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 006F3F78

Strings

SysMonthCal32, xrefs: 006F3F0B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 6fd9ff7fd2e9f523bd76ca4998731c7249474797a1ce9dbc6c14edade6150046
Instruction ID: 03974dc966ca37de00f19e8d909a62107a52840bc22f88bd2a9b6dcd6345c0b6
Opcode Fuzzy Hash: 6fd9ff7fd2e9f523bd76ca4998731c7249474797a1ce9dbc6c14edade6150046
Instruction Fuzzy Hash: 99219F32600229BFDF158F54DC46FEA3B76EF48724F110218FA15AB2D0D6B5A950CB90

Function 006F4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 006F4705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 006F4713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 006F471A

Strings

msctls_updown32, xrefs: 006F4684

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: dd8db91482bf15385098504885b77fd1d8030fed6440d43fdd0339c66f4b18b9
Instruction ID: 6f2ceb2bed01fb9add76cbf76b171640eea11c0458f8da8370f7575d6c9a3b56
Opcode Fuzzy Hash: dd8db91482bf15385098504885b77fd1d8030fed6440d43fdd0339c66f4b18b9
Instruction Fuzzy Hash: E5213EB5604209AFEB10EF64DC91DB737AEEF9A3A8B050159FA009B351CB75EC11CA64

Function 006C95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006C961D

Strings

#notrayicon, xrefs: 006C95B7
#requireadmin, xrefs: 006C95D9
#OnAutoItStartRegister, xrefs: 006C95F3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 9b1ca360416fba7c5959ee4c2fdc98b3f66672f97fb464872a341ac26aaca451
Instruction ID: 0a0f3ed6e395cd097cf9b562d3e1244576b4cc271c383dbad648c29df56416ba
Opcode Fuzzy Hash: 9b1ca360416fba7c5959ee4c2fdc98b3f66672f97fb464872a341ac26aaca451
Instruction Fuzzy Hash: AB21383220411166E331BB25DC0AFF7739BEF55314F50402EFA4997282EB619D42C3B9

Function 006F37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 006F3840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 006F3850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 006F3876

Strings

Listbox, xrefs: 006F380F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 58cbf74f7623dc02c4b755a266bf9477d34724be8cc216ceb6cfb336d13505f7
Instruction ID: 94b6ef4b2457c13e65736fa01c74b8702c6bee6d013ab6adb9d873d0a5a422d5
Opcode Fuzzy Hash: 58cbf74f7623dc02c4b755a266bf9477d34724be8cc216ceb6cfb336d13505f7
Instruction Fuzzy Hash: 9921B072610228BBEB119F54DC41EFB376BEF897A0F108124FA109B290C675DC52C7A0

Function 006D49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 006D4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006D4A5C
SetErrorMode.KERNEL32(00000000,?,?,006FCC08), ref: 006D4AD0

Strings

%lu, xrefs: 006D4A6F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 13303c4634f25c36fc687926a1e075d659ebba4f7ecf7853f1455fdf8c72e7e8
Instruction ID: c20e997bf525442af4c7b10d1fac0ec0ed1442108410271aeff5d3967329b7e3
Opcode Fuzzy Hash: 13303c4634f25c36fc687926a1e075d659ebba4f7ecf7853f1455fdf8c72e7e8
Instruction Fuzzy Hash: B9318E74A00108AFDB10DF54C981EAA7BFAEF08318F1480A9E809DB352DB71EE45CB61

Function 006F41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 006F424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 006F4264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 006F4271

Strings

msctls_trackbar32, xrefs: 006F4226

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 361c4d0e5be2370e2c76972160e02283f905b27fb47623bb4db9216c42bf86f1
Instruction ID: 12327a5b80229cf6fc12dd4581ab8d36ec408e3e3f432ef645d27dc0f5adb83d
Opcode Fuzzy Hash: 361c4d0e5be2370e2c76972160e02283f905b27fb47623bb4db9216c42bf86f1
Instruction Fuzzy Hash: 2811E031240248BEEF209F28CC06FFB3BAEEF85B64F010528FA55E21A0D671D811DB24

Function 006C2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

Part of subcall function 006C2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006C2DC5
Part of subcall function 006C2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C2DD6
Part of subcall function 006C2DA7: GetCurrentThreadId.KERNEL32 ref: 006C2DDD
Part of subcall function 006C2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006C2DE4

GetFocus.USER32 ref: 006C2F78

Part of subcall function 006C2DEE: GetParent.USER32(00000000), ref: 006C2DF9

GetClassNameW.USER32(?,?,00000100), ref: 006C2FC3
EnumChildWindows.USER32(?,006C303B), ref: 006C2FEB

Strings

%s%d, xrefs: 006C2FFF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 026016abe38ffb30f8987efb23e84f867504df3beb06ee075fdf2cce4cc7c0c6
Instruction ID: 46c6e65f1fb55847c6484c2a83567034ea6f0540d8c02ee5ebff964930a88a34
Opcode Fuzzy Hash: 026016abe38ffb30f8987efb23e84f867504df3beb06ee075fdf2cce4cc7c0c6
Instruction Fuzzy Hash: 5611AE71200219ABCF806F60DC96FFD376BEF94314F04807DF9099B292DE70A9498B60

Function 006F5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006F58C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 006F58EE
DrawMenuBar.USER32(?), ref: 006F58FD

Strings

0, xrefs: 006F588F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 1a9a661ab94d2c0b47a0a8aa47cc5727987e8769c54de4bdaf92372ff1b4da77
Instruction ID: a5226364936898e7c4ea578e8f69039e16f66f7609a0ecc6d3e40aa6019a27c8
Opcode Fuzzy Hash: 1a9a661ab94d2c0b47a0a8aa47cc5727987e8769c54de4bdaf92372ff1b4da77
Instruction Fuzzy Hash: 3F015B3150025CEEDB619F21DC44BBEBBB6FF45360F10809AEA4AD6251DB708A95EF21

Function 006BD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 006BD3BF
FreeLibrary.KERNEL32 ref: 006BD3E5

Strings

X64, xrefs: 006BD2A8
GetSystemWow64DirectoryW, xrefs: 006BD3B9

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: 3289b1074e8af29cac5bf2a0d4fa9b9978e6804b9705eb155d4fcb6cc99d8a53
Instruction ID: c79dcbd2ccb94b1c68aad9dce5954fbbc52bb61eee7fea097b947426ca7f8ae9
Opcode Fuzzy Hash: 3289b1074e8af29cac5bf2a0d4fa9b9978e6804b9705eb155d4fcb6cc99d8a53
Instruction Fuzzy Hash: EEF055E2802A659BD3314B208D24DF93723AF01B01B589128EA02E920AF734CEC98382

Function 006C007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84750527477944493f8bf01c9daae847e10f8d9017c45be67609b5519b661d83
Instruction ID: 9aeabdd0f48f909ceece9e81d223e041b3289d88158f9b72cfd99d38a4921aad
Opcode Fuzzy Hash: 84750527477944493f8bf01c9daae847e10f8d9017c45be67609b5519b661d83
Instruction Fuzzy Hash: 71C12775A0021AEFEB14DFA4C894FBAB7B6FF48704F248598E505AB251D731EE41CB90

Function 006E342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 006E3459
CoUninitialize.OLE32 ref: 006E3463
VariantInit.OLEAUT32(?), ref: 006E346E
VariantClear.OLEAUT32(?), ref: 006E371B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 767eef7635e4438ba84a79af273cb3887dac486c1590ea4ebb05f12420f74fa4
Instruction ID: 906ae118a4fe342e7e56a1686b5f34089b77f62b878312fb126a725d06bbd5aa
Opcode Fuzzy Hash: 767eef7635e4438ba84a79af273cb3887dac486c1590ea4ebb05f12420f74fa4
Instruction Fuzzy Hash: 03A159756143109FCB50DF29C485A6AB7E6FF88724F04885DF98A9B362DB30EE01CB95

Function 006C0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C0608
CLSIDFromProgID.OLE32(?,?,00000000,006FCC40,000000FF,?,00000000,00000800,00000000,?,006FFC08,?), ref: 006C062D
_memcmp.LIBVCRUNTIME ref: 006C064E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 4542ef3100f9cb1a29df62ca9509128ed512e2daeb073538441a71c7a97bdf9a
Instruction ID: 612b398968346f2ea6d88dea62adbf2c57289caceda0baa7f8fa81f104fabea4
Opcode Fuzzy Hash: 4542ef3100f9cb1a29df62ca9509128ed512e2daeb073538441a71c7a97bdf9a
Instruction Fuzzy Hash: 7E81E875A00109EFDB04DF94C984EFEB7BAFF89315F204598E516AB250DB71AE06CB60

Function 006A1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 006A14C0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a6c142279e4f3018517f00aa3b6ec40deb6506a7c242609cab695d347ae271f9
Instruction ID: 2a6bf4a7a8962ae58e607c67097e99b86da0a9f76a41507980d2bc272927bc74
Opcode Fuzzy Hash: a6c142279e4f3018517f00aa3b6ec40deb6506a7c242609cab695d347ae271f9
Instruction Fuzzy Hash: 43411931900114ABDF217FFD8C456AE3AEBEF4B770F140229F419DA292E6348D425BB5

Function 006F6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 006F62E2
ScreenToClient.USER32(?,?), ref: 006F6315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 006F6382

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: aab9ad404a81ddff802809d224839054cce31e69db742ec63820cc5b07fc67ef
Instruction ID: 38b4cdae65a4d33a3c62ccb628393a063b508fb204af07fa4a3b0ee613543c69
Opcode Fuzzy Hash: aab9ad404a81ddff802809d224839054cce31e69db742ec63820cc5b07fc67ef
Instruction Fuzzy Hash: F6513975A00209EFDB10DF68D880ABE7BB6EF55360F108169F9159B390D730ED41CB90

Function 006E1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 006E1AFD
WSAGetLastError.WSOCK32 ref: 006E1B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 006E1B8A
WSAGetLastError.WSOCK32 ref: 006E1B94

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 4761bf4fac1533e72f70777346dacd0927acac9f7d79b26a69a7b1e64bda0c84
Instruction ID: cde5ad41d164262f1132c13ea31488d03b137e6d08151fd7c828ab62f58e9703
Opcode Fuzzy Hash: 4761bf4fac1533e72f70777346dacd0927acac9f7d79b26a69a7b1e64bda0c84
Instruction Fuzzy Hash: 38419E34600300AFE720AF25C886F6A77E6AB45718F54848CF95A9F3D2D672ED42CB90

Function 0069B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c848fd9346cc483e9f373c4ad868581edaccc760d084845e5fc9fa120e945b
Instruction ID: adc67f79b614ba53effc2d131c591813729772d71a811dc4570e464fd515f743
Opcode Fuzzy Hash: 56c848fd9346cc483e9f373c4ad868581edaccc760d084845e5fc9fa120e945b
Instruction Fuzzy Hash: F8412875A00304BFDB24AF78DD41BAABBEEEF84B10F10462EF141DBA91D37199018B80

Function 006D56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006D5783
GetLastError.KERNEL32(?,00000000), ref: 006D57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006D57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006D57FA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: bf08c34a71c95ff7abb411edfa1b57bd642ed93bb82c872f6527b7ecf16b19bc
Instruction ID: b838045748909bc2152813d238c494ec1f8555493ec0f2184595ccf7808dfabb
Opcode Fuzzy Hash: bf08c34a71c95ff7abb411edfa1b57bd642ed93bb82c872f6527b7ecf16b19bc
Instruction Fuzzy Hash: D7412939600A10DFCB11EF15C544A5EBBF3EF89324B198489E84AAB362CB31FD40CB95

Function 0069D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,00686D71,00000000,00000000,006882D9,?,006882D9,?,00000001,00686D71,?,00000001,006882D9,006882D9), ref: 0069D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0069D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0069D9AB
__freea.LIBCMT ref: 0069D9B4

Part of subcall function 00693820: RtlAllocateHeap.NTDLL(00000000,?,00731444,?,0067FDF5,?,?,0066A976,00000010,00731440,006613FC,?,006613C6,?,00661129), ref: 00693852

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 0693984a238bada2b65fd46c2775e0bf2a0cbb524053a118f5b05aa0882b4637
Instruction ID: d6a65b4edf08115057d0f49593150ec46f962b0f575d2cc48351045110cc43c1
Opcode Fuzzy Hash: 0693984a238bada2b65fd46c2775e0bf2a0cbb524053a118f5b05aa0882b4637
Instruction Fuzzy Hash: 3131B072A0020AABDF25EF64DC41EEE7BAAEB41310B154269FC04D7291EB35CD55CB90

Function 006F52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 006F5352
GetWindowLongW.USER32(?,000000F0), ref: 006F5375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 006F5382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 006F53A8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 5d190f40b570f8ca9722068443ed0cac727d380326fec37654644ea47331afe1
Instruction ID: ac8ffd9af27915a76884c327dbaac8f7d57ae24d0b0f9ba57a361e5b6409d595
Opcode Fuzzy Hash: 5d190f40b570f8ca9722068443ed0cac727d380326fec37654644ea47331afe1
Instruction Fuzzy Hash: B531B236A55A0CEFEB309B1CCC05BF877A7AB05390F584101FB12962E1E7B4AD41DB82

Function 006CAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 006CABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 006CAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 006CAC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 006CACC6

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: d811c424330e29029a44c3c83da405ac8e31384387b3dd0d50fb972433c3407e
Instruction ID: 50d333d31fcf07799a418ee71e49cbca89b4902bfe1f81d306b70378a45a8ebb
Opcode Fuzzy Hash: d811c424330e29029a44c3c83da405ac8e31384387b3dd0d50fb972433c3407e
Instruction Fuzzy Hash: 77312830A4421C6FEF34CBA48C08FFA7BA7EB49328F04421EE481922D1C37489958756

Function 006F7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 006F769A
GetWindowRect.USER32(?,?), ref: 006F7710
PtInRect.USER32(?,?,006F8B89), ref: 006F7720
MessageBeep.USER32(00000000), ref: 006F778C

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 87d75b71eace170c11d812a2d5c0232e5a85960bf157d868886216d9f7540102
Instruction ID: d4eff31e20b5015d23182fd1a68ecbd3a9d26508a11e879174d8e2a14dfbee5f
Opcode Fuzzy Hash: 87d75b71eace170c11d812a2d5c0232e5a85960bf157d868886216d9f7540102
Instruction Fuzzy Hash: F9417834A1925CDFDB01EF58D894EB9B7F6BB49314F1980A8EA149B361C731E942CB90

Function 006F16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 006F16EB

Part of subcall function 006C3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006C3A57
Part of subcall function 006C3A3D: GetCurrentThreadId.KERNEL32 ref: 006C3A5E
Part of subcall function 006C3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006C25B3), ref: 006C3A65

GetCaretPos.USER32(?), ref: 006F16FF
ClientToScreen.USER32(00000000,?), ref: 006F174C
GetForegroundWindow.USER32 ref: 006F1752

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: ba260ddd856f0bab8a1b0afed880ae5b889161d0cc7006dc340f3421c9e97d17
Instruction ID: ba3269737e9edf2d1f57d18220c6ac8be04dd5fe5e52a78c304b3a842f7055ca
Opcode Fuzzy Hash: ba260ddd856f0bab8a1b0afed880ae5b889161d0cc7006dc340f3421c9e97d17
Instruction Fuzzy Hash: 47313075D00149AFC744EFA9C981DBEB7FAEF49314B50806EE415E7311D6319E45CBA0

Function 006CD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 006CD501
Process32FirstW.KERNEL32(00000000,?), ref: 006CD50F
Process32NextW.KERNEL32(00000000,?), ref: 006CD52F
CloseHandle.KERNEL32(00000000), ref: 006CD5DC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: e042694bfd0331ae8c83c8b9d4dfd36f71818ccd4cc3b613c09130f8b4f03928
Instruction ID: 746ceb802ccc82ae5d18cd813014b8890b87c50a68c67219b9a70275a365fec1
Opcode Fuzzy Hash: e042694bfd0331ae8c83c8b9d4dfd36f71818ccd4cc3b613c09130f8b4f03928
Instruction Fuzzy Hash: D531AF71008300AFD304EF54C881EBFBBEAEF99354F50092DF581932A1EB719948CBA2

Function 006F8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

GetCursorPos.USER32(?), ref: 006F9001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,006B7711,?,?,?,?,?), ref: 006F9016
GetCursorPos.USER32(?), ref: 006F905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,006B7711,?,?,?), ref: 006F9094

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 7f84a1f3ba9cb8c59e94f24b0835356f719c5c6062c63f72775187c3720f549c
Instruction ID: e6040af9315eaff543f711a6baaa1bb446c7ec8df838578fb63f590ebacf5503
Opcode Fuzzy Hash: 7f84a1f3ba9cb8c59e94f24b0835356f719c5c6062c63f72775187c3720f549c
Instruction Fuzzy Hash: E821803560001CEFDB158F94C858FFA7BBAEB49360F044069F6054B2A1C735A991DF64

Function 006CD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,006FCB68), ref: 006CD2FB
GetLastError.KERNEL32 ref: 006CD30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 006CD319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,006FCB68), ref: 006CD376

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 4875987307b33f958e429bde0a3155e980d11710a5ba71d2b5312d35361641e7
Instruction ID: 1c3fa5b81bbaae6853d8b19ce207980664a52a37545b7a5c453c72ecd088092d
Opcode Fuzzy Hash: 4875987307b33f958e429bde0a3155e980d11710a5ba71d2b5312d35361641e7
Instruction Fuzzy Hash: 1921A3705042059FC300DF24C9819BAB7E9EE56364F104A2EF499C73A1DB30DA46CB97

Function 006C1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 006C1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006C102A
Part of subcall function 006C1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006C1036
Part of subcall function 006C1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1045
Part of subcall function 006C1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006C104C
Part of subcall function 006C1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006C1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006C15BE
_memcmp.LIBVCRUNTIME ref: 006C15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006C1617
HeapFree.KERNEL32(00000000), ref: 006C161E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 52937b83e1b2822910ebd148066220fd132a5738f2509d58f328931388d02580
Instruction ID: 4f7469fe0c6707ae66a79130752dc373a4c991f32aa3a44968a1a6853da471a8
Opcode Fuzzy Hash: 52937b83e1b2822910ebd148066220fd132a5738f2509d58f328931388d02580
Instruction Fuzzy Hash: 9A214A71E00109AFDB10DFA5C945FFEB7BAEF46354F184459E441AB242E731EA05DBA0

Function 006F2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 006F280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 006F2824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 006F2832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 006F2840

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 9cdf1d73b2a530d2b7c1e107f5f637a22248bbebe19bf142974bcec978ad83cb
Instruction ID: b5e3965828d64fc45ece91f88dcf59f1ea1c082322dfbfc31d7ded719f7d416a
Opcode Fuzzy Hash: 9cdf1d73b2a530d2b7c1e107f5f637a22248bbebe19bf142974bcec978ad83cb
Instruction Fuzzy Hash: 8C21A13120551AAFD7149B24C865FBA7B9BAF85324F14815CF526CB6E2C771FC82CB90

Function 006C78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 006C8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?), ref: 006C8D8C
Part of subcall function 006C8D7D: lstrcpyW.KERNEL32(00000000,?,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C8DB2
Part of subcall function 006C8D7D: lstrcmpiW.KERNEL32(00000000,?,006C790A,?,000000FF,?,006C8754,00000000,?,0000001C,?,?), ref: 006C8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7923
lstrcpyW.KERNEL32(00000000,?,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,006C8754,00000000,?,0000001C,?,?,00000000), ref: 006C7984

Strings

cdecl, xrefs: 006C797B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 5a81ef1048b2090284e4c180f1375ee91b9f72a14b907d04545c09c870319af8
Instruction ID: 868ca95b132905e1f37431ee750ea47c23880631eaa9e6d27de32ed3c089775b
Opcode Fuzzy Hash: 5a81ef1048b2090284e4c180f1375ee91b9f72a14b907d04545c09c870319af8
Instruction Fuzzy Hash: A211D63A200205AFCB259F34D845EBA77A6FF45360B50402EF946C7364EB319811CBA5

Function 006F7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 006F7D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 006F7D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 006F7D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,006DB7AD,00000000), ref: 006F7D6B

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: c5ca8f2cc8c7dd9ea58de7569adb624c94cc134adfceeb7fe0b4f5c3cf96be9a
Instruction ID: 35f5425f381ade1650db977d47e7817121fdd8121a48d904547d5519714beef2
Opcode Fuzzy Hash: c5ca8f2cc8c7dd9ea58de7569adb624c94cc134adfceeb7fe0b4f5c3cf96be9a
Instruction Fuzzy Hash: 5511AF31608659AFCB109F28CC04AB63BA6AF45370B558724F939CB2F0D7309961DB50

Function 006F5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 006F56BB
_wcslen.LIBCMT ref: 006F56CD
_wcslen.LIBCMT ref: 006F56D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 006F5816

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: c82984416222ddb65b3a2d7da63d6f570917b8ca95ddb2597140b2c9ff9740e1
Instruction ID: 05ec29191385f39a95881baf0110d7447b0c5ddcb58af213c3f364d09e1766b6
Opcode Fuzzy Hash: c82984416222ddb65b3a2d7da63d6f570917b8ca95ddb2597140b2c9ff9740e1
Instruction Fuzzy Hash: E011B17160061D96DF209F618C85AFE77ADAF11760B50812AFB26D6185EBB08E80CB64

Function 00691D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5dda3618a0ea3f67eb4b9df659e1c2888031c5a821d20cf32b52a835903a4a0
Instruction ID: a6abb5073ed2f9b0d379116b1e807a44efef7d30e0265868a1ec4c461a001503
Opcode Fuzzy Hash: a5dda3618a0ea3f67eb4b9df659e1c2888031c5a821d20cf32b52a835903a4a0
Instruction Fuzzy Hash: 2601A2F220961B7EFF5116786CC0F67661FDF827B8B30132AF531556D2DB608C058164

Function 006C1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 006C1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 006C1A8A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: feb51b49c762f1060f4c3686be3ad912065508a7fb43b2b9ed0789f6e5b22846
Instruction ID: fdd6e5eb2fc7c3adfbcb41f41b3f6a70ca5ef9ae2d5ece28eef458080a68a4ec
Opcode Fuzzy Hash: feb51b49c762f1060f4c3686be3ad912065508a7fb43b2b9ed0789f6e5b22846
Instruction Fuzzy Hash: 0011393AD01219FFEB10DBE4CD85FADBB79EB09750F200096EA00BB290D6716E50DB94

Function 006CE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 006CE1FD
MessageBoxW.USER32(?,?,?,?), ref: 006CE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 006CE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006CE24D

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 2a78de3ca53f3d822fcddcdfcfef4867a36a5f7f571a5a03eb909729eccc366d
Instruction ID: 8abd6787e83b23f93e4f41611b1edabf169c20f5c7f11be7e9cd3a131a85d68f
Opcode Fuzzy Hash: 2a78de3ca53f3d822fcddcdfcfef4867a36a5f7f571a5a03eb909729eccc366d
Instruction Fuzzy Hash: 1C11C876904258BBD7019BA89C09FBE7FBEDB45321F048259F924D3291D6798A0487A0

Function 0068D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,0068CFF9,00000000,00000004,00000000), ref: 0068D218
GetLastError.KERNEL32 ref: 0068D224
__dosmaperr.LIBCMT ref: 0068D22B
ResumeThread.KERNEL32(00000000), ref: 0068D249

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 7414f80f82643b4e064905e54877f5d059bbb0c0c3c4db5352fa4e6c5a379d95
Instruction ID: 73a21a24c520aafb193865935860caaeaf310d3aefd28d0d89bb7014321a248c
Opcode Fuzzy Hash: 7414f80f82643b4e064905e54877f5d059bbb0c0c3c4db5352fa4e6c5a379d95
Instruction Fuzzy Hash: 5D019236805208BBDB217BA5DC19BAE7B6BEF81771F104319FA25961E0DB718A01C7B0

Function 006F9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00679BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00679BB2

GetClientRect.USER32(?,?), ref: 006F9F31
GetCursorPos.USER32(?), ref: 006F9F3B
ScreenToClient.USER32(?,?), ref: 006F9F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 006F9F7A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: d267bea17e11639f5f77d29852ef9514833b1696b1e1992344121ec5c9fc540e
Instruction ID: 0d28c347bfe207b7d69f497ef6a89df93705c6da4fc730cd6174f211cc069d59
Opcode Fuzzy Hash: d267bea17e11639f5f77d29852ef9514833b1696b1e1992344121ec5c9fc540e
Instruction Fuzzy Hash: 2211333290111EABDB00EFA8C889AFE77BAFB46321F404455FA01E7140D730BA95CBB5

Function 0066600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
GetStockObject.GDI32(00000011), ref: 00666060
SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: c9f18e4b4c6c946d04fcb6d6d92f73b476582c3bbcec5c1834691c46803a3f91
Instruction ID: 3d3fe28e4c78bae15cb1e8790eef941b9df9e28ef504a09602d01897867b9425
Opcode Fuzzy Hash: c9f18e4b4c6c946d04fcb6d6d92f73b476582c3bbcec5c1834691c46803a3f91
Instruction Fuzzy Hash: 67116D72501548BFEF129FA4ED54EEABF6EEF093A4F040225FA1552120D732AC60DFA0

Function 00683B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00683B56

Part of subcall function 00683AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00683AD2
Part of subcall function 00683AA3: ___AdjustPointer.LIBCMT ref: 00683AED

_UnwindNestedFrames.LIBCMT ref: 00683B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00683B7C
CallCatchBlock.LIBVCRUNTIME ref: 00683BA4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 06796609d08f9e3989d9c55b4213e201e96fac7008e8b07aacad9e4638298424
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 57014C72100149BBDF127E95CC42EEB3F6EEF58B54F044218FE4866221D732E961DBA4

Function 00693073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006613C6,00000000,00000000,?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue), ref: 006930A5
GetLastError.KERNEL32(?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue,00702290,FlsSetValue,00000000,00000364,?,00692E46), ref: 006930B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0069301A,006613C6,00000000,00000000,00000000,?,0069328B,00000006,FlsSetValue,00702290,FlsSetValue,00000000), ref: 006930BF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: fc3917ec54919a54c103f9e2f9e264d2adf958e82f95698f443054dc6e103f6a
Instruction ID: 9a128aeb3c148698b84229aabacaf0ebdcbcdd48e1ce37f285f72c47d80cda9d
Opcode Fuzzy Hash: fc3917ec54919a54c103f9e2f9e264d2adf958e82f95698f443054dc6e103f6a
Instruction Fuzzy Hash: E901D432301336ABDF314B789C449A77B9EAF05BB1B114620F915E3740C721DA05C6E0

Function 006C7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 006C747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 006C7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006C74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006C74CA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 4c7065ba508d3fe33392552db219cb3232a52d8ed22ba39c9ac225f2ca3b37dc
Instruction ID: 6a1e32710212ec2a0bcc270771d13d54e90fbb7ffdfff8c90f16f1a7bd10f11e
Opcode Fuzzy Hash: 4c7065ba508d3fe33392552db219cb3232a52d8ed22ba39c9ac225f2ca3b37dc
Instruction Fuzzy Hash: 881179B1205318ABE720CF14DD09FA2BBFAEB00B10F10856DA626D6191D7B0E904DFA0

Function 006CB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006CACD3,?,00008000), ref: 006CB126

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: dff68d0174026f8c459f81ca9923759caefc74c25d99895baa9f1401fd294755
Instruction ID: d0f50aef6a8f5429a1c72644070c1176c18d10256dc9177fd4d8ff5c4913a350
Opcode Fuzzy Hash: dff68d0174026f8c459f81ca9923759caefc74c25d99895baa9f1401fd294755
Instruction Fuzzy Hash: 4D112731D0152CE7CF00AFA4E95ABFEBB79FF0A721F105089D941B2281CB305A61CB56

Function 006F7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 006F7E33
ScreenToClient.USER32(?,?), ref: 006F7E4B
ScreenToClient.USER32(?,?), ref: 006F7E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 006F7E8A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 9e7f3a9077601b49858dc20604af33f99c3f6691a38cfd0837fd62f12577f29d
Instruction ID: 27d3342181895d6654589677ea562e2c519646e574165f553799b98fe95119f9
Opcode Fuzzy Hash: 9e7f3a9077601b49858dc20604af33f99c3f6691a38cfd0837fd62f12577f29d
Instruction Fuzzy Hash: 871140B9D0420EAFDB41DF98C984AEEBBF9FB18310F509066E915E2210D735AA54CF90

Function 006C2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006C2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 006C2DD6
GetCurrentThreadId.KERNEL32 ref: 006C2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006C2DE4

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: f9d30b501b24a700fe3f7ccb6d006d048e10a7d2a3074c77a05a8f1400816454
Instruction ID: e9cec35e853ac2a5ea67a547017db0edadd6bf0218c11b8edc8663ed19afbd8d
Opcode Fuzzy Hash: f9d30b501b24a700fe3f7ccb6d006d048e10a7d2a3074c77a05a8f1400816454
Instruction Fuzzy Hash: 32E092711052287BD7201B729D0DFFB7E6EEF53BB1F001019F506D10809AA0D841D6B0

Function 006F8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00679639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00679693
Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796A2
Part of subcall function 00679639: BeginPath.GDI32(?), ref: 006796B9
Part of subcall function 00679639: SelectObject.GDI32(?,00000000), ref: 006796E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 006F8887
LineTo.GDI32(?,?,?), ref: 006F8894
EndPath.GDI32(?), ref: 006F88A4
StrokePath.GDI32(?), ref: 006F88B2

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 01a5d5ca4ab9ed6111c351101aa8b4fca1f5a5580df3b7055b753fe2b5599cfe
Instruction ID: f5836445a0f3279d372a9d83ea00b8aafb6734bb410a7115545c82b1a68aba7e
Opcode Fuzzy Hash: 01a5d5ca4ab9ed6111c351101aa8b4fca1f5a5580df3b7055b753fe2b5599cfe
Instruction Fuzzy Hash: EFF09A36001258BAEB125F94AD09FEA3F5AAF06320F408000FA11610E1CB791521CBA9

Function 006798B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 006798CC
SetTextColor.GDI32(?,?), ref: 006798D6
SetBkMode.GDI32(?,00000001), ref: 006798E9
GetStockObject.GDI32(00000005), ref: 006798F1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 81a33557d867f6e34c2af399cfe3af907c92b4a67ece10c3e4efb89c7ccf067a
Instruction ID: 34b90baec700feee2062b07f7310956f455495aeef5aeea6c68f55e978e660e6
Opcode Fuzzy Hash: 81a33557d867f6e34c2af399cfe3af907c92b4a67ece10c3e4efb89c7ccf067a
Instruction Fuzzy Hash: 6BE06531244244AADB215F78AD09BF83F52EB52336F148219F6F9581E1C7714650DB10

Function 006C162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 006C1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,006C11D9), ref: 006C163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006C11D9), ref: 006C1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,006C11D9), ref: 006C164F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: e311f7892d8a67dd1a1062c4921ba6487ad8777f6ba6599148212f6728cc6676
Instruction ID: a37ef2bf300a9e77fba8e9fb3f260806e716effdaab1ebbedd88f86869fdb4be
Opcode Fuzzy Hash: e311f7892d8a67dd1a1062c4921ba6487ad8777f6ba6599148212f6728cc6676
Instruction Fuzzy Hash: 61E08C32602215EBD7201FB5AF0EFA63B7EEF467A2F148808F245CD081EA358445CB60

Function 006BD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 006BD858
GetDC.USER32(00000000), ref: 006BD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 006BD882
ReleaseDC.USER32(?), ref: 006BD8A3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 257e8d845bc0f14f7720b1a45bf14c8ec85feb8fd26847671b7d653709fa8e80
Instruction ID: c3679fe6db0f7e953686256ac10b136758e1e527de0a6db4a04928ad45c2921a
Opcode Fuzzy Hash: 257e8d845bc0f14f7720b1a45bf14c8ec85feb8fd26847671b7d653709fa8e80
Instruction Fuzzy Hash: F9E01AB0804208EFCB419FA4DA08A7DBBB3FF08321F10A409E846E7350CB394942EF40

Function 006BD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 006BD86C
GetDC.USER32(00000000), ref: 006BD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 006BD882
ReleaseDC.USER32(?), ref: 006BD8A3

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: b1c42bc5a78b5cc23937883bdf7f8b37a50207ed4b5ef83d6c4ff36a18ee56f5
Instruction ID: a7d461f01c465ad81ef6f68bf053c39e9b8889e3b99de4453463529b45a1a448
Opcode Fuzzy Hash: b1c42bc5a78b5cc23937883bdf7f8b37a50207ed4b5ef83d6c4ff36a18ee56f5
Instruction Fuzzy Hash: B1E01A70804208DFCB409FA4D90867DBBB3BF08320B10A408E84AE7350CB395902DF40

Function 006D4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00667620: _wcslen.LIBCMT ref: 00667625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 006D4ED4

Strings

*, xrefs: 006D4E10
LPT, xrefs: 006D4DFB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: bb89e306c56a33131f760844b01e2dd62178df5609c704d5280fecc44118fa6b
Instruction ID: 9e5b52d2343a30175b2d94ee2c911f3a0737dd5abaf907b86f9548a47ac01d9f
Opcode Fuzzy Hash: bb89e306c56a33131f760844b01e2dd62178df5609c704d5280fecc44118fa6b
Instruction Fuzzy Hash: 5E914075E042449FCB14DF54C484EA9BBF6BF84304F15809AE40A9F362DB35ED85CB91

Function 0068E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0068E30D

Strings

pow, xrefs: 0068E2E5, 0068E302

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 1a5731125ea1c9361f34307ebd734cf51329e7c6c151e9f3f87d18b38b4da156
Instruction ID: bbb87fb359b733b0043b9cd37a1c5cd1458f05a291f3c0b2010b2e742d0bcb6f
Opcode Fuzzy Hash: 1a5731125ea1c9361f34307ebd734cf51329e7c6c151e9f3f87d18b38b4da156
Instruction Fuzzy Hash: AD513B61A2C202D7CF157714C9053F93BAAAF40740F348B59E095827E9DF368D969B8A

Function 006E7771 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(006B569E,00000000,?,006FCC08,?,00000000,00000000), ref: 006E78DD

Part of subcall function 00666B57: _wcslen.LIBCMT ref: 00666B6A

CharUpperBuffW.USER32(006B569E,00000000,?,006FCC08,00000000,?,00000000,00000000), ref: 006E783B

Strings

<sr, xrefs: 006E77C8

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BuffCharUpper$_wcslen
String ID: <sr
API String ID: 3544283678-1747582915
Opcode ID: 78265a00fffe473946a68f2eb84e2b5598bd37f14357f7fd0b57419632ccc49e
Instruction ID: ff697a78720a7e65cd515a227a1b209c27337d5f4dbd3b0855e2d035d54e82e9
Opcode Fuzzy Hash: 78265a00fffe473946a68f2eb84e2b5598bd37f14357f7fd0b57419632ccc49e
Instruction Fuzzy Hash: 8B617F72914268EACF44EBE5DC91DFEB37ABF24300B544129F542B3292EF345A05DBA4

Function 0067E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 0067E1B1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 104fd5357aca55081308bd0a24d6e0a3a3599d41293863e02b4d902435333670
Instruction ID: 3573110bf16736fa187bc0b40e699098e845bf764381b2abb37f3070d8314fd7
Opcode Fuzzy Hash: 104fd5357aca55081308bd0a24d6e0a3a3599d41293863e02b4d902435333670
Instruction Fuzzy Hash: 425166B5504246EFDB14DF68C0406FA7BAAEF19310F248069EC919B3D1DA369E87CB90

Function 0067F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 0067F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 0067F2BB

Strings

@, xrefs: 0067F2AF

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 4722e77a45e94b86f5db1aa9490b8f1b6e8b0db2178a6aa1076cfb20de41a329
Instruction ID: 502626d3de79ba75a0eb7ddb9bd99670fdaa646508f4a891a13442e53b0720c3
Opcode Fuzzy Hash: 4722e77a45e94b86f5db1aa9490b8f1b6e8b0db2178a6aa1076cfb20de41a329
Instruction Fuzzy Hash: A95176714187849BD320AF50DC86BABBBF9FF84314F81884CF2D9410A5EB719529CB6B

Function 006E5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 006E57E0
_wcslen.LIBCMT ref: 006E57EC

Strings

CALLARGARRAY, xrefs: 006E57E6, 006E57EB

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 9e0dcde8f9a017327a708d170354ecff37e2b1bb3c4a91eaf2faeb74b4ea0c23
Instruction ID: 058b7df087d1e9d4035dd5383e7872cc017e1cd1b8b1696f212951bb48caee46
Opcode Fuzzy Hash: 9e0dcde8f9a017327a708d170354ecff37e2b1bb3c4a91eaf2faeb74b4ea0c23
Instruction Fuzzy Hash: D0419031A012199FCB14DFA9C8819FEBBF6EF59324F14416DE506A7391E7309D81CBA4

Function 006DD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006DD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 006DD13A

Strings

|, xrefs: 006DD10B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 9bc440f2e6582ed948b78f9b4b8bd19d8073437162b3fa9c6f3de926f017faa5
Instruction ID: 3eafa7b770bddfea7470dd77e7bcc1c29cece1f8b7b89257d42fcfe0f655fae7
Opcode Fuzzy Hash: 9bc440f2e6582ed948b78f9b4b8bd19d8073437162b3fa9c6f3de926f017faa5
Instruction Fuzzy Hash: 0F313E71D00209ABCF55EFA4DC85AEEBFBAFF04304F00011DF815A6265DB31AA06DBA4

Function 006F356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 006F3621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 006F365C

Strings

static, xrefs: 006F35BC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: b55e163f39a12e0e9ab623f89eb3abb3079661ef994de163494b07db96b6050b
Instruction ID: 9667d1f2a6fd30e1038d6b4a06791ccbcf13c13f0e35bcf3766138b4d702da9b
Opcode Fuzzy Hash: b55e163f39a12e0e9ab623f89eb3abb3079661ef994de163494b07db96b6050b
Instruction Fuzzy Hash: 1A318C71100608AEDB109F68DC81AFB73AAFF88724F00961DFAA5D7290DA31ED81D764

Function 006F4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 006F461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 006F4634

Strings

', xrefs: 006F458E

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 003bd821bd1cb28f06fcb5556552edac936be04b52d9dfb7f72204f3ff129967
Instruction ID: 324f929cb2278e56bb8a66bf3cdade16963c44908be61f1adee7e98dfcf69b78
Opcode Fuzzy Hash: 003bd821bd1cb28f06fcb5556552edac936be04b52d9dfb7f72204f3ff129967
Instruction Fuzzy Hash: 83311874A0120D9FDB14DFA9C990BEA7BB6FF49340F14406AEA05EB751DB70A941CF90

Function 006F31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 006F327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 006F3287

Strings

Combobox, xrefs: 006F3249

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 694183e1086649eecc9a5ffc3493edbbc32b3f08bd31452778daedeeaf0ec161
Instruction ID: d043fb3154d8e6eec4ca525912716420ceaba576341b56ffa1f86486f72b63b2
Opcode Fuzzy Hash: 694183e1086649eecc9a5ffc3493edbbc32b3f08bd31452778daedeeaf0ec161
Instruction Fuzzy Hash: 3B11907120021C6FFF259F54DC81EFB376BEB94364F104129FA1897390D6359E519760

Function 006F3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 0066600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0066604C
Part of subcall function 0066600E: GetStockObject.GDI32(00000011), ref: 00666060
Part of subcall function 0066600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0066606A

GetWindowRect.USER32(00000000,?), ref: 006F377A
GetSysColor.USER32(00000012), ref: 006F3794

Strings

static, xrefs: 006F3757

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: b4a389adf8a9e7465f42f1d2df67e9ce1abfe2ca6948566ac1a71fe4f1136b77
Instruction ID: 0131ff546eeb80798982fa5f3a8f5ddd9acfbe227bfb88d82af87e7ec3cae2a1
Opcode Fuzzy Hash: b4a389adf8a9e7465f42f1d2df67e9ce1abfe2ca6948566ac1a71fe4f1136b77
Instruction Fuzzy Hash: C61129B261021EAFDB00EFA8CD45AFA7BB9EB08314F004914FA55E2250D735E851DB50

Function 006DCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006DCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006DCDA6

Strings

<local>, xrefs: 006DCD66

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 15087db626e66d342681ef7530799e3089c58beb4485bc7e8ef7da38e7c79f6c
Instruction ID: 1449cb66f18cb6051a7dd12bcf00a6156f4eb9d9c309175e4f30e929a1fc7150
Opcode Fuzzy Hash: 15087db626e66d342681ef7530799e3089c58beb4485bc7e8ef7da38e7c79f6c
Instruction Fuzzy Hash: 8911C671A0563A7AD7384B668C45EF7BE6FEF527B4F004227B10983280D7749941D6F0

Function 006F3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 006F34AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 006F34BA

Strings

edit, xrefs: 006F348F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: e1274e3a9ac1ed04816fcfbc1120a971a63db561fc23e680eb983a621c57c6a6
Instruction ID: 908d057f0edb707704dcb2ac4752f515b451632e9cdb91c90854a540e9180481
Opcode Fuzzy Hash: e1274e3a9ac1ed04816fcfbc1120a971a63db561fc23e680eb983a621c57c6a6
Instruction Fuzzy Hash: 66116A7110021CAAEB128E64DC44AFA37ABEB05374F504724FA61933E0C775DC519B64

Function 006C6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

CharUpperBuffW.USER32(?,?,?), ref: 006C6CB6
_wcslen.LIBCMT ref: 006C6CC2

Strings

STOP, xrefs: 006C6CBC, 006C6CC1

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 4a5cb1a1d74bb913e6f498a65b9fa31138e1531a3f3ecb252d41d2703245d226
Instruction ID: 0fa4dad45931f93a4dafb91c361f5f0e8020539b18b524a4f58b03a859f36ee9
Opcode Fuzzy Hash: 4a5cb1a1d74bb913e6f498a65b9fa31138e1531a3f3ecb252d41d2703245d226
Instruction Fuzzy Hash: 1F01C4326045268BCB20AFBDDC81EFF77B7EF61720710052CF86297294EA31E900C658

Function 006C1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 006C1D4C

Strings

ComboBox, xrefs: 006C1CEB
ListBox, xrefs: 006C1D16

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: ce8c06e6a7cc07ce095945819138400ad5b51b89123972bb880bf3f521f1d2fb
Instruction ID: a426c2cbc72a97ff73ba222b016008c7ad398e5138cd8360e5501d6a77def409
Opcode Fuzzy Hash: ce8c06e6a7cc07ce095945819138400ad5b51b89123972bb880bf3f521f1d2fb
Instruction Fuzzy Hash: 4B01DD716011286BCB08EBA4CD51DFE736AEF57350B14091DF8239B3C2DA309909C770

Function 006C1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 006C1C46

Strings

ComboBox, xrefs: 006C1BE5
ListBox, xrefs: 006C1C10

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 39dc90e736fbac21fd969503c6cb809a720132c9dc3c7f7378584cc377367b2a
Instruction ID: c6ef4e4d4701abcd03295430812b5d5d6c53f842e51f1ff3ad561eb769821cdc
Opcode Fuzzy Hash: 39dc90e736fbac21fd969503c6cb809a720132c9dc3c7f7378584cc377367b2a
Instruction Fuzzy Hash: FA01A7B568111867CB08EB90CA51FFF77AEDB13340F14001DB80667282EA389E19E6B5

Function 006C1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 006C1CC8

Strings

ComboBox, xrefs: 006C1C69
ListBox, xrefs: 006C1C94

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 5a12d2ef14ca5bfd3f1c724803481ee885fb3a986a4d3a02f53f540650a9bd5f
Instruction ID: f3dfa785304de182ed39d74dcc60de4f18525961f2dce3c66c4eba9366337082
Opcode Fuzzy Hash: 5a12d2ef14ca5bfd3f1c724803481ee885fb3a986a4d3a02f53f540650a9bd5f
Instruction Fuzzy Hash: 31018FB168011867CB04EBA0CA11FFE73AEDB13340B14001DB802A7282EA389E19D675

Function 0067A4D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0067A529

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Strings

3yk, xrefs: 0067A545, 0067A54D, 0067A552
,%s, xrefs: 0067A509

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Init_thread_footer_wcslen
String ID: ,%s$3yk
API String ID: 2551934079-1367514051
Opcode ID: b324401d616c3409cec69c84d15beb0dc35d59077a3d83924835d1a7f33253fb
Instruction ID: b915a2f7534704634dd5c1b4e23d9bb6da2ca1ec7da97b2df09ec53d51faa28f
Opcode Fuzzy Hash: b324401d616c3409cec69c84d15beb0dc35d59077a3d83924835d1a7f33253fb
Instruction Fuzzy Hash: F0017B3170061497E540F3B8D81BAAD335BDB85720F00846CF509572C3EE605E068B9F

Function 006C1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00669CB3: _wcslen.LIBCMT ref: 00669CBD

Part of subcall function 006C3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006C3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 006C1DD3

Strings

ComboBox, xrefs: 006C1D75
ListBox, xrefs: 006C1DA0

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 3013f52b8a780acf3976c5d5522ca59129d665165f80b7af29129d1bbf79753e
Instruction ID: 7946cc0a67c6dace8eed1d3211b1d3ae601be89281067922bfe5fdf155573da4
Opcode Fuzzy Hash: 3013f52b8a780acf3976c5d5522ca59129d665165f80b7af29129d1bbf79753e
Instruction Fuzzy Hash: 89F0A4B1A4122867DB08F7A4DD52FFE777EEF13350F04091DB822A72C6DA7069088674

Function 006F8172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00733018,0073305C), ref: 006F81BF
CloseHandle.KERNEL32 ref: 006F81D1

Strings

\0s, xrefs: 006F818A

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: \0s
API String ID: 3712363035-2360154291
Opcode ID: 52bf9033027427b6602c10121ba1e376d04c1e7cc8fe0c6ced307bf6042a16ea
Instruction ID: 1cced3c5e1c0cbffa53e9711663da9f33cad12c0882034deafb4135d00f6b798
Opcode Fuzzy Hash: 52bf9033027427b6602c10121ba1e376d04c1e7cc8fe0c6ced307bf6042a16ea
Instruction Fuzzy Hash: 4FF05EF2A40314BFF3346765AC55FB73A9EDB05752F004425BB08D61A2D67E8A0497BC

Function 006E747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 006E7493
_wcslen.LIBCMT ref: 006E74B9

Strings

3, 3, 16, 1, xrefs: 006E7483

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 9a6ae8c578d556165bf7005b1f4c733c4de2694a04c92f4fedb2c8ead91c23c8
Instruction ID: 96bf6aab343b444188a1361d373a9976dd25adfb046d164898ff908b2b100c43
Opcode Fuzzy Hash: 9a6ae8c578d556165bf7005b1f4c733c4de2694a04c92f4fedb2c8ead91c23c8
Instruction Fuzzy Hash: D5E02B022063A1509271227BADC19BF57CBCFC9750710182FF985C23AAEE94CD9193E4

Function 006C0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 006C0B23

Strings

Error allocating memory., xrefs: 006C0B1C
AutoIt, xrefs: 006C0B17

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: ee45b80e6244d9ad9ef73249cf79b1d030e9d65445e6cc5ae35f7939ef6a241b
Instruction ID: 86ff2ad3b6071d3d63115475e4b148e269c46e88076fbfbca88990f016a3981c
Opcode Fuzzy Hash: ee45b80e6244d9ad9ef73249cf79b1d030e9d65445e6cc5ae35f7939ef6a241b
Instruction Fuzzy Hash: F2E04F3228931C7AD2643795BD07FD97A868F05B61F10442EFB98955C38EE2689086ED

Function 00680D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0067F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00680D71,?,?,?,0066100A), ref: 0067F7CE

IsDebuggerPresent.KERNEL32(?,?,?,0066100A), ref: 00680D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0066100A), ref: 00680D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00680D7F

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 236416d752bfd11479511d12580afa144d6423c540312a51b934c6b1db25806f
Instruction ID: 5dce1b37e482b5c573687c98d0a6cf35b5dec1f87dacbf58e9b09d0b36833e19
Opcode Fuzzy Hash: 236416d752bfd11479511d12580afa144d6423c540312a51b934c6b1db25806f
Instruction Fuzzy Hash: 71E06D702003118BE3A0AFBCE9047527BE6AF00740F008E2DE486C6751DBB5E448CB91

Function 0067E398 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0067E3D5

Strings

0%s, xrefs: 0067E3B5
8%s, xrefs: 0067E3CA

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: 0%s$8%s
API String ID: 1385522511-4174055574
Opcode ID: 1c0dd287e96a12dbd015b9010324619d7eb04e266e2d5359801f682d06bef8c2
Instruction ID: 1663aee9302b4be1bf31589124d7b6f8832ad0f93dd2836b2c238b13d3e93e0f
Opcode Fuzzy Hash: 1c0dd287e96a12dbd015b9010324619d7eb04e266e2d5359801f682d06bef8c2
Instruction Fuzzy Hash: B4E02032408D10CBF644E718B454B883357AB0C330B1082F8E245871D3DB7B1A47874C

Function 006D3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 006D302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 006D3044

Strings

aut, xrefs: 006D3038

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 3590452964f693e0488cc5b92f5b7a024d0ba37aa43c6c189709719e339eae94
Instruction ID: 95655bdee86c1587e154d112decb4e31e6ffb759d59a512c4a006d8699afb6be
Opcode Fuzzy Hash: 3590452964f693e0488cc5b92f5b7a024d0ba37aa43c6c189709719e339eae94
Instruction Fuzzy Hash: A2D05B7150032867DB209794AD0DFD73A6CD704760F0001517655D2091DAB49644CAD0

Function 006BD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 006BD220

Strings

X64, xrefs: 006BD2A8
%.3d, xrefs: 006BD22B

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 741c6647de700b8958433c8450c70f65dba9e0a7a355f9495e61563e0de48f9b
Instruction ID: fed256f18a8f2e3f9fc485f2d6be91a15021d68596cd5ee9110ff8577b707093
Opcode Fuzzy Hash: 741c6647de700b8958433c8450c70f65dba9e0a7a355f9495e61563e0de48f9b
Instruction Fuzzy Hash: 4CD012E1C09158E9CB90D7E0DD45CF9B37EEB08301F508466FA0A95041F638C78AAB61

Function 006F2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006F236C
PostMessageW.USER32(00000000), ref: 006F2373

Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3

Strings

Shell_TrayWnd, xrefs: 006F2365

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: e9c25b8aa0fbc670d850bbeaa479b10e854469c02a8f24929c24c25269dbef44
Instruction ID: ffce473c223436b1d311e0fa7c83086db60f294fd3eb30568be2b419e7acca7f
Opcode Fuzzy Hash: e9c25b8aa0fbc670d850bbeaa479b10e854469c02a8f24929c24c25269dbef44
Instruction Fuzzy Hash: 8AD012723C53147BE7A4B770ED0FFD676269B05B20F00591A7745EA1D4C9F4B811CA58

Function 006F2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006F232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 006F233F

Part of subcall function 006CE97B: Sleep.KERNEL32 ref: 006CE9F3

Strings

Shell_TrayWnd, xrefs: 006F2325

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 908ead4a829ffc53d08a3207ff4ced3734932ba1dc0a06a6d80d067f12aa21d3
Instruction ID: 923a4891786eace907370327d9adb69af47046e06a5797eee700fe300f6c4f6b
Opcode Fuzzy Hash: 908ead4a829ffc53d08a3207ff4ced3734932ba1dc0a06a6d80d067f12aa21d3
Instruction Fuzzy Hash: 28D01276394314B7E7A4B770ED0FFE67A269B00B20F00591A7745EA1D4C9F4A811CA54

Function 0069BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0069BE93
GetLastError.KERNEL32 ref: 0069BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0069BEFC

Memory Dump Source

Source File: 00000000.00000002.3373219950.0000000000661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00660000, based on PE: true

Associated: 00000000.00000002.3373191075.0000000000660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.00000000006FC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373376925.000000000072C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3373403043.0000000000734000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: c252d7ffe5632e158775825d9e35476e13c1e28c34a59f8245dc76eb9676c516
Instruction ID: 9d2b7ff06629b4f514ecb58b5051201b5c5dab13d739e42a489ad11cd4911d14
Opcode Fuzzy Hash: c252d7ffe5632e158775825d9e35476e13c1e28c34a59f8245dc76eb9676c516
Instruction Fuzzy Hash: 7941193460420AEFCF219FA4EE54AFA7BAFEF41360F145169F959976A1DB308D01CB50

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre