Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528363
MD5:	e5dee324e4d2c335dc57f68ab1230b91
SHA1:	f12babfaa76b5466b3464b6f7e164a16997a08e9
SHA256:	e1cb3fa706ea73b4ac3d0d19305f935c60ec02466955b08cd959008675d007aa
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 4192 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E5DEE324E4D2C335DC57F68AB1230B91)

taskkill.exe (PID: 2944 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4956 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 180 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6724 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6096 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 4192	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 518sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_137.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_137.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_149.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_137.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_137.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_149.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_149.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_137.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_137.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_137.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_137.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_137.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_137.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_137.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_137.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_149.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_137.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_137.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_137.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_137.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1695529510.0000000000F04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000003.2925960228.000000000169E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2927003587.000000000169F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwduser
Source: chromecache_137.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 60311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 60277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60419
Source: unknown	Network traffic detected: HTTP traffic on port 60219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60417
Source: unknown	Network traffic detected: HTTP traffic on port 60437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60412
Source: unknown	Network traffic detected: HTTP traffic on port 60220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60421
Source: unknown	Network traffic detected: HTTP traffic on port 60369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60420
Source: unknown	Network traffic detected: HTTP traffic on port 60323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60429
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60424
Source: unknown	Network traffic detected: HTTP traffic on port 60231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60423
Source: unknown	Network traffic detected: HTTP traffic on port 60208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60430
Source: unknown	Network traffic detected: HTTP traffic on port 60425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60439
Source: unknown	Network traffic detected: HTTP traffic on port 60255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60438
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60316
Source: unknown	Network traffic detected: HTTP traffic on port 60368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60434
Source: unknown	Network traffic detected: HTTP traffic on port 60310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60320
Source: unknown	Network traffic detected: HTTP traffic on port 60403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60440
Source: unknown	Network traffic detected: HTTP traffic on port 60289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60324
Source: unknown	Network traffic detected: HTTP traffic on port 60346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 60187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 60218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 60252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 60416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60409
Source: unknown	Network traffic detected: HTTP traffic on port 60186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60406
Source: unknown	Network traffic detected: HTTP traffic on port 60197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60405
Source: unknown	Network traffic detected: HTTP traffic on port 60438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60404
Source: unknown	Network traffic detected: HTTP traffic on port 60367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60380
Source: unknown	Network traffic detected: HTTP traffic on port 60372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60254
Source: unknown	Network traffic detected: HTTP traffic on port 60263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60375
Source: unknown	Network traffic detected: HTTP traffic on port 60395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60251
Source: unknown	Network traffic detected: HTTP traffic on port 60286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60371
Source: unknown	Network traffic detected: HTTP traffic on port 60234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60379
Source: unknown	Network traffic detected: HTTP traffic on port 60171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60390
Source: unknown	Network traffic detected: HTTP traffic on port 60337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60263
Source: unknown	Network traffic detected: HTTP traffic on port 60302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60382
Source: unknown	Network traffic detected: HTTP traffic on port 60405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60269
Source: unknown	Network traffic detected: HTTP traffic on port 60275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60281
Source: unknown	Network traffic detected: HTTP traffic on port 60200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60395
Source: unknown	Network traffic detected: HTTP traffic on port 60182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60393
Source: unknown	Network traffic detected: HTTP traffic on port 60406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60290
Source: unknown	Network traffic detected: HTTP traffic on port 60222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60167
Source: unknown	Network traffic detected: HTTP traffic on port 60394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60166
Source: unknown	Network traffic detected: HTTP traffic on port 60264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60283
Source: unknown	Network traffic detected: HTTP traffic on port 60233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60211
Source: unknown	Network traffic detected: HTTP traffic on port 60324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60330
Source: unknown	Network traffic detected: HTTP traffic on port 60184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60335
Source: unknown	Network traffic detected: HTTP traffic on port 60347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60340
Source: unknown	Network traffic detected: HTTP traffic on port 60287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60347
Source: unknown	Network traffic detected: HTTP traffic on port 60382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60346
Source: unknown	Network traffic detected: HTTP traffic on port 60359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60233
Source: unknown	Network traffic detected: HTTP traffic on port 60265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60353
Source: unknown	Network traffic detected: HTTP traffic on port 60429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60350
Source: unknown	Network traffic detected: HTTP traffic on port 60288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60239
Source: unknown	Network traffic detected: HTTP traffic on port 60381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60358
Source: unknown	Network traffic detected: HTTP traffic on port 60232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60357
Source: unknown	Network traffic detected: HTTP traffic on port 60299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60370
Source: unknown	Network traffic detected: HTTP traffic on port 60209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60364
Source: unknown	Network traffic detected: HTTP traffic on port 60183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60361
Source: unknown	Network traffic detected: HTTP traffic on port 60407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60360
Source: unknown	Network traffic detected: HTTP traffic on port 60430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60368
Source: unknown	Network traffic detected: HTTP traffic on port 60202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60180
Source: unknown	Network traffic detected: HTTP traffic on port 60338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60176
Source: unknown	Network traffic detected: HTTP traffic on port 60433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60296
Source: unknown	Network traffic detected: HTTP traffic on port 60410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60294
Source: unknown	Network traffic detected: HTTP traffic on port 60362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60190
Source: unknown	Network traffic detected: HTTP traffic on port 60224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60188
Source: unknown	Network traffic detected: HTTP traffic on port 60396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60186
Source: unknown	Network traffic detected: HTTP traffic on port 60409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60185
Source: unknown	Network traffic detected: HTTP traffic on port 60181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60184
Source: unknown	Network traffic detected: HTTP traffic on port 60327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60195
Source: unknown	Network traffic detected: HTTP traffic on port 60169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60177 -> 443

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:60167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:60168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:60192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:60368 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00AFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00AFED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00AFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00AEAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00B19576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_ee60df9a-e
Source: file.exe, 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_3b9942b5-d
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_37a0b434-1
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_92e16274-8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AED5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00AED5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00AE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00AEE8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88060	0_2_00A88060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF2046	0_2_00AF2046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8298	0_2_00AE8298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE4FF	0_2_00ABE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB676B	0_2_00AB676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14873	0_2_00B14873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACAA0	0_2_00AACAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8CAF0	0_2_00A8CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9CC39	0_2_00A9CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6DD9	0_2_00AB6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D063	0_2_00A9D063
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A891C0	0_2_00A891C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B119	0_2_00A9B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1394	0_2_00AA1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1706	0_2_00AA1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA781B	0_2_00AA781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA19B0	0_2_00AA19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A87920	0_2_00A87920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9997D	0_2_00A9997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA7A4A	0_2_00AA7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA7CA7	0_2_00AA7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1C77	0_2_00AA1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9EEE	0_2_00AB9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0BE44	0_2_00B0BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1F32	0_2_00AA1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A9F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00AA0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.troj.evad.winEXE@51/30@12/6

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF37B5 GetLastError,FormatMessageW,

0_2_00AF37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE10BF AdjustTokenPrivileges,CloseHandle,		0_2_00AE10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00AE16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00AF51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B0A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00B0A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00AF648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00A842A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1456:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2736:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2496:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6728:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2844:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA0A76 push ecx; ret

0_2_00AA0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00A9F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00B11C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-96015

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7291			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1774			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.6 %

Source: C:\Users\user\Desktop\file.exe TID: 2492

Thread sleep time: -72910s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7291 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00AEDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF68EE FindFirstFileW,FindClose,	0_2_00AF68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00AF698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00AED076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00AED3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00AF9642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00AF979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00AF9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF5C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00AF5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFEAA2 BlockInput,

0_2_00AFEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00AB2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00AA4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00AE0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AB2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AA083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA09D5 SetUnhandledExceptionFilter,	0_2_00AA09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00AA0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00AE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00AC2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEB226 SendInput,keybd_event,

0_2_00AEB226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00B022DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00AE0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00AE1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA0698 cpuid

0_2_00AA0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00AF8195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ADD27A GetUserNameW,

0_2_00ADD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ABBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00ABBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 4192, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 4192, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00B01204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00B01806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.185.174	true	false	unknown
www3.l.google.com	142.250.185.174	true	false	unknown
play.google.com	142.250.185.238	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
youtube.com	142.250.184.238	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_137.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_137.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_137.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_137.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_137.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_137.13.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_137.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_137.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.238	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528363
Start date and time:	2024-10-07 20:45:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal64.troj.evad.winEXE@51/30@12/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 39 Number of non-executed functions: 310
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.184.238, 64.233.167.84, 34.104.35.123, 184.28.90.27, 142.250.185.227, 142.250.184.227, 216.58.206.42, 142.250.186.74, 142.250.185.138, 216.58.206.74, 142.250.185.74, 142.250.185.202, 142.250.184.202, 142.250.181.234, 172.217.16.138, 142.250.185.234, 172.217.18.10, 142.250.186.42, 142.250.185.170, 142.250.184.234, 142.250.185.106, 216.58.212.170, 172.217.16.202, 142.250.186.170, 142.250.186.106, 2.16.100.168, 192.229.221.95, 142.250.186.163, 66.102.1.84, 216.58.206.46
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://entertaininmotionre.pro/IQCm/	Get hash	malicious	HTMLPhisher	Browse
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse
	https://ipp.safetyworksolutions.com/	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse
	https://cloudshare.weil.com/invitations?share=f213408950da5c01bcf2	Get hash	malicious	Unknown	Browse
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse
	https://66e41162be8b44fa4ef98165--lively-meringue-d6fcef.netlify.app/	Get hash	malicious	Unknown	Browse
	http://kendellseafoods.com/	Get hash	malicious	Unknown	Browse
	http://dmed-industries.com	Get hash	malicious	HtmlDropper	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://entertaininmotionre.pro/IQCm/	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 13.107.246.60
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.60
	https://ipp.safetyworksolutions.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.60
	wULBz8VjH0.exe	Get hash	malicious	Vidar	Browse	4.175.87.197 13.107.246.60
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 13.107.246.60
	FdjDPFGTZS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	4.175.87.197 13.107.246.60
	2005.exe	Get hash	malicious	Dice	Browse	4.175.87.197 13.107.246.60
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.60
	2005.exe	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.60
	https://cloudshare.weil.com/invitations?share=f213408950da5c01bcf2	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853825531523
Encrypted:	false
SSDEEP:	6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
MD5:	D6A4595EF381156A4C38FC1268C40783
SHA1:	75B2E4139EE5014416D280B02E1F57724B0A4240
SHA-256:	9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
SHA-512:	ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583823778284438
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	e5dee324e4d2c335dc57f68ab1230b91
SHA1:	f12babfaa76b5466b3464b6f7e164a16997a08e9
SHA256:	e1cb3fa706ea73b4ac3d0d19305f935c60ec02466955b08cd959008675d007aa
SHA512:	c0751a1343d1ed92148b5404e8e1a50a47049eaa14e4ee67682edfdf40093d265e314a6a7cedd0923aa62486b8922923a6c4e365251d0acaa0f1bed0d82f536e
SSDEEP:	24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a42K:ZTvC/MTQYxsWR7a4
TLSH:	04159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67042BA7 [Mon Oct 7 18:42:47 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F37B8DF8333h
jmp 00007F37B8DF7C3Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F37B8DF7E1Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F37B8DF7DEAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F37B8DFA9DDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F37B8DFAA28h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F37B8DFAA11h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	f5a5e45304fa830d3bac96a6ae5d1ef5	False	0.3167317708333333	data	5.332831195256247	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 20:46:01.084803104 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 20:46:02.343574047 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.343677998 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.343785048 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.344194889 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.344233036 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.940466881 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.940840960 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.940908909 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.941236973 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.941306114 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.941760063 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.941821098 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.942836046 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.942898989 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.943056107 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:02.943073988 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:02.994663000 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:03.243885040 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:03.243900061 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:03.244080067 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:03.244220018 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:03.244220018 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:03.246421099 CEST	49736	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:03.246486902 CEST	443	49736	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:05.605735064 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:05.605817080 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:05.605921984 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:05.606254101 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:05.606309891 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.261116982 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.261472940 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:06.261533022 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.263210058 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.263425112 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:06.264177084 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:06.264307022 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.317835093 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:06.317893982 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:06.364702940 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:10.306953907 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.307028055 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.307266951 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.307379961 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.307409048 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.908721924 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.909118891 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.909185886 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.909544945 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.909619093 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.910136938 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.910197020 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.911123037 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.911187887 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.911346912 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:10.911367893 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:10.957814932 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.216501951 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.216574907 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.216667891 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.216733932 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.216795921 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.216938972 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.216989994 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.222176075 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.222263098 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.228405952 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.228488922 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.228524923 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.228576899 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.234071970 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.234141111 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.240052938 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.240128994 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.240144014 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.240197897 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.299040079 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.299184084 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.299242973 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.299314022 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.299393892 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.301644087 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.301738977 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.310954094 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.311013937 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.311037064 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.311096907 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.313766003 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.313847065 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.319895029 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.319978952 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.319992065 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.325841904 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.325948000 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.325961113 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.332530022 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.332622051 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.332636118 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.332655907 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.332721949 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.345359087 CEST	49756	443	192.168.2.4	142.250.185.174
Oct 7, 2024 20:46:11.345393896 CEST	443	49756	142.250.185.174	192.168.2.4
Oct 7, 2024 20:46:11.368029118 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.368062019 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.368138075 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.368623972 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.368642092 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.424135923 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.424201965 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.424280882 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.424660921 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.424699068 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.982225895 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.982471943 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.982501030 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.983011007 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.983076096 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.984021902 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.984075069 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.984870911 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.984951973 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:11.985090971 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:11.985100031 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.024370909 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.064598083 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.064812899 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.064836025 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.065349102 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.065419912 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.066343069 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.066396952 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.066488981 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.066566944 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.066591024 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.107403040 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.116209984 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.116219997 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.162126064 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.271759033 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.272173882 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.272242069 CEST	443	49760	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.272314072 CEST	49760	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.272861004 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.272886992 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.272969961 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.273273945 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.273298979 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.353611946 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.353774071 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.353841066 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.354023933 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.354023933 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.354080915 CEST	443	49762	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.354130030 CEST	49762	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.354712963 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.354746103 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.354821920 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.355144024 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.355170965 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.876163006 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.876327991 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.876343966 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.876955986 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.877015114 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.878084898 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.878134966 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.878221989 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.878304005 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.878330946 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.878331900 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.878370047 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.927624941 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.927640915 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.965579033 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.965750933 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.965771914 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.966465950 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.966540098 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.967495918 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.967550993 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.967662096 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.967751980 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.967766047 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.967766047 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:12.967833042 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:12.974495888 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.021364927 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.021380901 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.068245888 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.086255074 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.086427927 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.086483955 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.087654114 CEST	49765	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.087687016 CEST	443	49765	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.112011909 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:13.155431986 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.179440022 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.180345058 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.180424929 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.184273958 CEST	49766	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:13.184318066 CEST	443	49766	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:13.369724035 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.369847059 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.369918108 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:13.369937897 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.369966984 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.370099068 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.370155096 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:13.370179892 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.370341063 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:13.370394945 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:13.370764971 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:46:13.370790958 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 7, 2024 20:46:14.290621042 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:14.290705919 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:14.292001963 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:14.292892933 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:14.292928934 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:15.092818022 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:15.092900038 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:15.095628977 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:15.095659018 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:15.096082926 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:15.145981073 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:15.759696960 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:15.803430080 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.015990019 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016025066 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016035080 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016077995 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.016139030 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016170025 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016189098 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.016230106 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.016230106 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.016230106 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.016263962 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.017185926 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.017268896 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.017281055 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.017347097 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.017402887 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.715745926 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.715745926 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:16.715814114 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:16.715847969 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:19.177005053 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 7, 2024 20:46:19.183710098 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 7, 2024 20:46:19.183795929 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 7, 2024 20:46:19.430579901 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:19.430635929 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:19.430705070 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:19.430996895 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:19.431020021 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.067784071 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.068273067 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.068311930 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.069526911 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.069818974 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.069950104 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.069969893 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.069993019 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.070061922 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.116082907 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.374185085 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.374524117 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:20.374583006 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.375591993 CEST	49780	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:20.375621080 CEST	443	49780	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:23.374617100 CEST	60162	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:23.380165100 CEST	53	60162	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:23.380222082 CEST	60162	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:23.380275011 CEST	60162	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:23.385618925 CEST	53	60162	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:23.806932926 CEST	53	60162	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:23.808124065 CEST	60162	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:23.813479900 CEST	53	60162	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:23.815104961 CEST	60162	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:42.243298054 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.243413925 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.243494987 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.243855953 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.243937016 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.936872005 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.937225103 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.937288046 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.938522100 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.938807964 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.938987970 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:42.939027071 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.939055920 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:42.939084053 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.227992058 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.228311062 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.228508949 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.228765011 CEST	60164	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.228807926 CEST	443	60164	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.715112925 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.715205908 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.715281963 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.715610027 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.715643883 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.930110931 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.930201054 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:43.930315018 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.930516958 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:43.930537939 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.566556931 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.566705942 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.567289114 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.567318916 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.567394972 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.567406893 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568039894 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568056107 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568465948 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568619013 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568727970 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568741083 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568756104 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568794012 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568806887 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.568819046 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568856001 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.568897009 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.615360975 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.855659962 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.856412888 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.856602907 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.856776953 CEST	60166	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.856822014 CEST	443	60166	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.858016014 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.858850002 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:44.858918905 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.859302998 CEST	60165	443	192.168.2.4	142.250.185.238
Oct 7, 2024 20:46:44.859322071 CEST	443	60165	142.250.185.238	192.168.2.4
Oct 7, 2024 20:46:53.170378923 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:53.170469999 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:53.170556068 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:53.171123028 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:53.171205997 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:53.987219095 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:53.987400055 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:53.991255999 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:53.991309881 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:53.991831064 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:53.999501944 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.047483921 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.318178892 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.318268061 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.318326950 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.318453074 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.318454027 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.318520069 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.318599939 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.319140911 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.319202900 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.319335938 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.319336891 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.319377899 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.319442034 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.415822983 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.415822983 CEST	60167	443	192.168.2.4	4.175.87.197
Oct 7, 2024 20:46:54.415890932 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:54.415925980 CEST	443	60167	4.175.87.197	192.168.2.4
Oct 7, 2024 20:46:55.025702000 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.025789976 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.025893927 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.026453018 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.026535034 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.731084108 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.731296062 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.732985973 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.733040094 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.733460903 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.748416901 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.791484118 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.849833965 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.849888086 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.850024939 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.850106955 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.850106955 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.850171089 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.850244045 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.936842918 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.936889887 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.936937094 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.937000990 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.937041998 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.937062979 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.938155890 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.938199043 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.938246012 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.938309908 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:55.938354015 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:55.939239025 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.025038958 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.025080919 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.025136948 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.025136948 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.025199890 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.025321007 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.026401043 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.026439905 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.026489973 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.026489973 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.026551962 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.026617050 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.027839899 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.027878046 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.027920008 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.027982950 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.028021097 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.028044939 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.084660053 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.084700108 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.084772110 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.084772110 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.084835052 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.087321043 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.114017010 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.114058971 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.114224911 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.114224911 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.114289045 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.115489960 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.115757942 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.115797043 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.115871906 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.115873098 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.115873098 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.115938902 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.116008043 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.116553068 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.116592884 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.116641045 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.116641998 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.116705894 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.116766930 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.118282080 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.118319988 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.118349075 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.118366957 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.118393898 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.118413925 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.120342016 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.120384932 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.120424986 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.120439053 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.120471954 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.122240067 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.157902002 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.157944918 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.158092022 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.158107996 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158108950 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158133984 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.158169985 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158200026 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158299923 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158344030 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.158375025 CEST	60168	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.158390999 CEST	443	60168	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.197784901 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.197849989 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.197954893 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.199883938 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.199904919 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.199971914 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200014114 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200041056 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.200054884 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.200071096 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200113058 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200122118 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.200131893 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200768948 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.200846910 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.201231956 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.201314926 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.201976061 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.202059984 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.202102900 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.202104092 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.202234983 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.202299118 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.202347040 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.202364922 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.813280106 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.817596912 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.822894096 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.825764894 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.830336094 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.834084988 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.834176064 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.834960938 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.834974051 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.835481882 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.835558891 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.835917950 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.835971117 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.835975885 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.836004972 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.836277962 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.836291075 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.836446047 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.836473942 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.836752892 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.836764097 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.837002039 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.837084055 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.837193012 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.837208986 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.928926945 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.928989887 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929008007 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929073095 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929106951 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929135084 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929164886 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929183006 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929192066 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929263115 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929497004 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929533005 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929567099 CEST	60169	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929580927 CEST	443	60169	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929795027 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929852962 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.929929018 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.929992914 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930052042 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.930087090 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930244923 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930305004 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.930659056 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930805922 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930870056 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.930947065 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.930988073 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.931070089 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.931138039 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.931174040 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.931230068 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.931468964 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.931499958 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.931526899 CEST	60171	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.931541920 CEST	443	60171	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.932553053 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.932570934 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.932595015 CEST	60170	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.932605982 CEST	443	60170	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.933501959 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.933538914 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.933567047 CEST	60172	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.933582067 CEST	443	60172	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.934608936 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.934684992 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.934720039 CEST	60173	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.934739113 CEST	443	60173	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.938194990 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.938241959 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.938435078 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.939440966 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.939472914 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.940666914 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.940751076 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.941031933 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941031933 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941087961 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941154957 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.941171885 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.941245079 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941397905 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941446066 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.941499949 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941509962 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941534042 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.941576004 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.941584110 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.942261934 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.942270994 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:56.942332029 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.942420959 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:56.942425013 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.615703106 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.616106033 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.616322994 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.616381884 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.616446018 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.616553068 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.616610050 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.616889000 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.616903067 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.617149115 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.617163897 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.617335081 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.617418051 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.617518902 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.617542028 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.629637957 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.630043983 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.630120039 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.630312920 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.630327940 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.630911112 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.631311893 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.631326914 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.631875992 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.631887913 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.711759090 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.711909056 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.712106943 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.712106943 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.712213993 CEST	60175	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.712251902 CEST	443	60175	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.714646101 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.714670897 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.714834929 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.714885950 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.714943886 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715055943 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715055943 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715055943 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715126991 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715126991 CEST	60178	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715150118 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.715162992 CEST	443	60178	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.715173960 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.715224981 CEST	60176	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715245962 CEST	443	60176	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.715281010 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715893030 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.715970993 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.717573881 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.717657089 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.717926025 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.717958927 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.717957020 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.717957020 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.718024969 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.718085051 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.718203068 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.718209982 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.727732897 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.727910995 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.727991104 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.728044033 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.728061914 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.728082895 CEST	60177	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.728096008 CEST	443	60177	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.730511904 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.730551958 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.730633020 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.730781078 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.730796099 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.748219967 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.748378038 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.748449087 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.748527050 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.748563051 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.748588085 CEST	60174	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.748603106 CEST	443	60174	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.750845909 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.750930071 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:57.751182079 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.751290083 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:57.751318932 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.344858885 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.345623016 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.345679998 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.346190929 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.346244097 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.346394062 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.346856117 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.346915007 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.347232103 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.347285986 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.348438025 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.348701000 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.348718882 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.348989010 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.348994970 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.365151882 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.365690947 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.365734100 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.366182089 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.366195917 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.367283106 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.367686033 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.367703915 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.367974043 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.367980003 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.440573931 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.440727949 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.440819979 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.440951109 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.440994978 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.441024065 CEST	60180	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.441040039 CEST	443	60180	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.443737984 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.443886042 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.444108963 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444109917 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444109917 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444328070 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444425106 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.444530964 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444631100 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.444649935 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.445202112 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.445353031 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.445416927 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.445458889 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.445477962 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.445489883 CEST	60182	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.445497990 CEST	443	60182	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.446530104 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.446614981 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.446712971 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.446805954 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.446835041 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.447669029 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.447690964 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.447770119 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.447958946 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.447983027 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.467154980 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.467289925 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.467350006 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.467411041 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.467417002 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.467437983 CEST	60181	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.467442036 CEST	443	60181	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.468843937 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.468991041 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.469084978 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469178915 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469178915 CEST	60183	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469222069 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.469254971 CEST	443	60183	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.469530106 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469553947 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.469623089 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469799995 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.469827890 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.471448898 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.471503019 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.471720934 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.471913099 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.471940994 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:58.755956888 CEST	60179	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:58.756019115 CEST	443	60179	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.070897102 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.074173927 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.074233055 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.074744940 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.074759960 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.080893993 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.081403971 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.081417084 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.082094908 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.082149029 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.088247061 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.088318110 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.088664055 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.088690996 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.089236021 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.089246988 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.093854904 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.093931913 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.094464064 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.094479084 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.177599907 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.179065943 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.179231882 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.179459095 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.179802895 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.180003881 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.180182934 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.182791948 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.182936907 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.183011055 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.183805943 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.183830023 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.184209108 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.184218884 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.184382915 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.184382915 CEST	60188	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.184416056 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.184437037 CEST	443	60188	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.190450907 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.190593004 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.190660954 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.201165915 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.201204062 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.201230049 CEST	60184	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.201244116 CEST	443	60184	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.205725908 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.205725908 CEST	60185	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.205791950 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.205806971 CEST	443	60185	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.206571102 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.206571102 CEST	60186	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.206639051 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.206672907 CEST	443	60186	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.213222027 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.213304996 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.213414907 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.213854074 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.213931084 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.231456995 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.231539011 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.231623888 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.233268976 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.233324051 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.233386993 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.233553886 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.233572006 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.234941959 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.234961987 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.235023975 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.242774010 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.242852926 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.243365049 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.243403912 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.276864052 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.276943922 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.277000904 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.277282953 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.277282953 CEST	60187	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.277307987 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.277328968 CEST	443	60187	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.279912949 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.279995918 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.280102968 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.280436039 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.280505896 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.829312086 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.829864979 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.829924107 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.830293894 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.830348015 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.852900028 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.853209019 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.853238106 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.853527069 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.853537083 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.856627941 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.856890917 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.856904030 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.857167006 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.857177019 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.882647038 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.883095026 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.883172989 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.883244991 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.883260012 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.906265020 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.906574011 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.906652927 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.906904936 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.906919003 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.953012943 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.953155041 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.953223944 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.953433990 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.953459978 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.953505993 CEST	60192	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.953520060 CEST	443	60192	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.954242945 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.954407930 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.954469919 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.954495907 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.954507113 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.954530001 CEST	60191	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.954539061 CEST	443	60191	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.956214905 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956255913 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.956315041 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956326962 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956396103 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.956437111 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956449986 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.956463099 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956602097 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.956638098 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.981466055 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.981620073 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.981848001 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983447075 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983484983 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983485937 CEST	60190	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983505011 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.983550072 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.983582973 CEST	443	60190	13.107.246.60	192.168.2.4
Oct 7, 2024 20:46:59.983592033 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983711958 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:46:59.983726025 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.001746893 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.001900911 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.002114058 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.002114058 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.002706051 CEST	60189	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.002765894 CEST	443	60189	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.003946066 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.004029989 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.004118919 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.004223108 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.004242897 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.005532980 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.005700111 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.005760908 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.005800962 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.005800962 CEST	60193	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.005820036 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.005836964 CEST	443	60193	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.009011984 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.009038925 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.009265900 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.009265900 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.009397030 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.592264891 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.596550941 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.611346960 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.611398935 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.611991882 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.612016916 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.612236023 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.612299919 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.612591028 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.612606049 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.620261908 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.620701075 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.620786905 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.621191025 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.621244907 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.624937057 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.625355959 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.625413895 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.625858068 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.625870943 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.630250931 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.630517960 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.630578041 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.631181002 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.631194115 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.703675032 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.703799963 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.703999043 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.704044104 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.704061985 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.704304934 CEST	60194	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.704335928 CEST	443	60194	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.704668045 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.704818964 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.704927921 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.704927921 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.704927921 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.706707001 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.706773043 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.706856012 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.706887007 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.706947088 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.707014084 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.707032919 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.707051039 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.707139969 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.707169056 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.715567112 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.715714931 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.715805054 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.715806007 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.715806007 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.717932940 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.717973948 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.718039036 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.718132973 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.718143940 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.725650072 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.725791931 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.725888968 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.725888968 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.727366924 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.727440119 CEST	60195	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.727478027 CEST	443	60195	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.727559090 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.727750063 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.727751017 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.727961063 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.727972031 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.728030920 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.728126049 CEST	60197	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.728137970 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.728143930 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.728188038 CEST	443	60197	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.729844093 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.729924917 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:00.730006933 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.730122089 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:00.730139971 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.005832911 CEST	60196	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.005917072 CEST	443	60196	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.021586895 CEST	60198	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.021647930 CEST	443	60198	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.333168030 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.333867073 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.333921909 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.333946943 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.334418058 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.334430933 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.334949970 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.334985018 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.335429907 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.335454941 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.338280916 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.338686943 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.338699102 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.339199066 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.339225054 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.360042095 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.360444069 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.360459089 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.360990047 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.360996008 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.372843981 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.373102903 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.373117924 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.373486042 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.373491049 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.427850962 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.428005934 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.428122997 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.428297997 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.428297997 CEST	60199	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.428329945 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.428350925 CEST	443	60199	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.428904057 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.429059029 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.429404020 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.429788113 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.429788113 CEST	60200	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.429853916 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.429892063 CEST	443	60200	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.433099031 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.433145046 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.433207989 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.433342934 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.433490038 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.433552980 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.433638096 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.433660984 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.434344053 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.434353113 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.434473991 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.434652090 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.434662104 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.434776068 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.434776068 CEST	60203	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.434842110 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.434875965 CEST	443	60203	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.436355114 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.436438084 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.436506033 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.436708927 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.436743975 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.460856915 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.460932016 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.461107016 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.461184978 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.461204052 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.461215973 CEST	60201	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.461222887 CEST	443	60201	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.466293097 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.466376066 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.466661930 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.466661930 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.466789007 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.477905989 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.478056908 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.478123903 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.485198975 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.485213041 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.485260963 CEST	60202	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.485265970 CEST	443	60202	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.521783113 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.521862030 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:01.521934986 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.533734083 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:01.533766985 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.071723938 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.072416067 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.072465897 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.072925091 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.072978020 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.073777914 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.074111938 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.074153900 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.074708939 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.074721098 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.086852074 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.087318897 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.087379932 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.087743044 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.087796926 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.092422009 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.092796087 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.092854977 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.093195915 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.093250990 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.160542965 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.160974026 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.161015987 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.161488056 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.161499977 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.166148901 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.166299105 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.166484118 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.166484118 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.166484118 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.169245958 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.169296980 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.169379950 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.169529915 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.169544935 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.172924042 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.173063993 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.173135042 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.173171997 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.173172951 CEST	60206	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.173216105 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.173243046 CEST	443	60206	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.175370932 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.175455093 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.175542116 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.175822020 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.175843954 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.182990074 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.183132887 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.183198929 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.183293104 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.183293104 CEST	60208	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.183330059 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.183357000 CEST	443	60208	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.185188055 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.185226917 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.185297966 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.185444117 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.185461998 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.195152998 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.195302963 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.195379019 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.195482016 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.195482969 CEST	60207	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.195523977 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.195552111 CEST	443	60207	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.197645903 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.197690964 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.197923899 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.197923899 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.198102951 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.256997108 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.257143021 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.257205963 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.257247925 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.257272959 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.257306099 CEST	60209	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.257319927 CEST	443	60209	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.259309053 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.259368896 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.259434938 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.259533882 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.259550095 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.470613003 CEST	60205	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.470684052 CEST	443	60205	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.795608997 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.796267033 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.796360016 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.796439886 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.796705961 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.796735048 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.797030926 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.797044992 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.797058105 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.797065020 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.820847988 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.821417093 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.821506023 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.821894884 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.821911097 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.854650974 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.855217934 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.855262041 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.855750084 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.855763912 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.891733885 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.891865969 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.892031908 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.892107964 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.892107964 CEST	60211	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.892149925 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.892179012 CEST	443	60211	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.894195080 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.894347906 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.894424915 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.894602060 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.894614935 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.894632101 CEST	60212	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.894638062 CEST	443	60212	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.895200014 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.895216942 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.895282030 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.895446062 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.895453930 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.897054911 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.897102118 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.897202969 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.897324085 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.897341013 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.904047012 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.904369116 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.904453039 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.904911995 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.904925108 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.916404963 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.916542053 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.916666031 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.916747093 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.916747093 CEST	60210	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.916790009 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.916819096 CEST	443	60210	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.918895006 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.918963909 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.919049025 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.919164896 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.919192076 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.957025051 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.957166910 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.957479954 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.957479954 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.957479954 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.959770918 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.959853888 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:02.959949017 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.960040092 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:02.960062027 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.003213882 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.003380060 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.003458977 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.003613949 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.003613949 CEST	60214	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.003655910 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.003684998 CEST	443	60214	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.006244898 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.006329060 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.006419897 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.006522894 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.006541967 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.271502018 CEST	60213	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.271567106 CEST	443	60213	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.504657030 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.505462885 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.505539894 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.506293058 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.506308079 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.510114908 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.510574102 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.510613918 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.511146069 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.511152983 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.541260004 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.541959047 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.542017937 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.542478085 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.542531967 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.586568117 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.587227106 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.587310076 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.587758064 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.587814093 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.605591059 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.605659962 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.605974913 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.605974913 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.605976105 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.608772039 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.608807087 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.608901024 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.608999968 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.609010935 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.624008894 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.624238968 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.624321938 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.624402046 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.624439001 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.624473095 CEST	60215	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.624488115 CEST	443	60215	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.626822948 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.626907110 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.627348900 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.627482891 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.627512932 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.638947964 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.639085054 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.639161110 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.639282942 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.639282942 CEST	60217	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.639336109 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.639365911 CEST	443	60217	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.641092062 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.641175032 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.642255068 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.642255068 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.642379045 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.645716906 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.646080017 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.646158934 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.646687031 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.646703005 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.684374094 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.684530973 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.684756041 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.684843063 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.684843063 CEST	60218	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.684885025 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.684919119 CEST	443	60218	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.686919928 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.686940908 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.687021017 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.687133074 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.687139034 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.746083021 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.746237993 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.746457100 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.766077042 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.766077042 CEST	60219	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.766149998 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.766185045 CEST	443	60219	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.770328999 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.770380020 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.770453930 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.770692110 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.770709038 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:03.914443970 CEST	60216	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:03.914480925 CEST	443	60216	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.243818045 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.244234085 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.244261026 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.244736910 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.244745016 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.245120049 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.245543003 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.245605946 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.245803118 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.245820045 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.261049986 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.261334896 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.261349916 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.261724949 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.261734962 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.299283028 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.299592018 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.299607038 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.299915075 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.299921036 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341012001 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341151953 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341207981 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.341264963 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.341284037 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341295004 CEST	60220	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.341303110 CEST	443	60220	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341636896 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341706038 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.341892004 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.341892004 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.343713045 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.343713999 CEST	60221	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.343775988 CEST	443	60221	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.343806028 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.343847990 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.343869925 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.343898058 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.343962908 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.344012022 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.344034910 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.344060898 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.344072104 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.379532099 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.379682064 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.379786015 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.379865885 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.379865885 CEST	60222	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.379908085 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.379939079 CEST	443	60222	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.381540060 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.381628990 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.381720066 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.381818056 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.381836891 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.392327070 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.392595053 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.392613888 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.392919064 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.392924070 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.429569960 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.429716110 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.429899931 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.429899931 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.429899931 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.431579113 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.431598902 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.431668997 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.431780100 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.431786060 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.491772890 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.491919994 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.492053986 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.494575977 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.494601965 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.494616985 CEST	60224	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.494625092 CEST	443	60224	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.497118950 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.497201920 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.497307062 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.497585058 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.497642994 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.740101099 CEST	60223	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.740139961 CEST	443	60223	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.966509104 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.967122078 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.967211962 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.967550039 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.967605114 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.973298073 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.973628044 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.973664999 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:04.974083900 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:04.974138021 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.020164967 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.020577908 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.020622969 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.020915985 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.020925045 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.066668034 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.066732883 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.066921949 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.066921949 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.067995071 CEST	60225	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.068057060 CEST	443	60225	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.069608927 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.069690943 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.069770098 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.069885015 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.069917917 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.070760965 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.070911884 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.071089983 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.071089983 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.071089983 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.072513103 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.072546959 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.072612047 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.072705030 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.072711945 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.086371899 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.086677074 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.086692095 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.087014914 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.087019920 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.120894909 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.121040106 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.121196032 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.121196032 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.121196032 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.122881889 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.122901917 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.122987986 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.123060942 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.123265982 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.123325109 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.123492956 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.123570919 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.123595953 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.123648882 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.188848972 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.188982010 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.189045906 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.189150095 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.189172983 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.189186096 CEST	60228	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.189196110 CEST	443	60228	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.191452026 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.191548109 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.191636086 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.191776991 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.191795111 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.221774101 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.221925974 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.222003937 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.222070932 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.222071886 CEST	60229	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.222103119 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.222130060 CEST	443	60229	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.223913908 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.223938942 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.224009037 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.224108934 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.224127054 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.382930994 CEST	60226	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.382993937 CEST	443	60226	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.430531025 CEST	60227	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.430565119 CEST	443	60227	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.648531914 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:05.648581028 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:05.648689985 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:05.648880005 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:05.648891926 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:05.695580959 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.696321964 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.696410894 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.696672916 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.696726084 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.713056087 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.713443995 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.713459969 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.713932037 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.713937044 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.732122898 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.732592106 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.732673883 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.732886076 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.732901096 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.791241884 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.791415930 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.791518927 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.791520119 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.791596889 CEST	60230	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.791634083 CEST	443	60230	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.793950081 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.794032097 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.794132948 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.794275045 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.794294119 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.813560009 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.813709974 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.814659119 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.815035105 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.815048933 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.815057039 CEST	60231	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.815061092 CEST	443	60231	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.815128088 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.817008972 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.817095041 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.817177057 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.817249060 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.817266941 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.817308903 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.817358971 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.817850113 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.817864895 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.842981100 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.843132973 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.843328953 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.843413115 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.843413115 CEST	60232	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.843455076 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.843485117 CEST	443	60232	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.845576048 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.845599890 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.845669031 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.846025944 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.846054077 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.882272959 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.883217096 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.883251905 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.883622885 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.883634090 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.911602020 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.911747932 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.911829948 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.911977053 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.912009001 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.912034988 CEST	60233	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.912051916 CEST	443	60233	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.914153099 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.914237022 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.914326906 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.914439917 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.914458990 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.981040001 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.981190920 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.981457949 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.981457949 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.981457949 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.983081102 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.983164072 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:05.983282089 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.983365059 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:05.983387947 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.269555092 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:06.270036936 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:06.270081997 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:06.271584988 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:06.272011995 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:06.272424936 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:06.287455082 CEST	60234	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.287525892 CEST	443	60234	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.318053007 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:06.433738947 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.434432030 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.434551001 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.435018063 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.435070992 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.441312075 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.483264923 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.490145922 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.495584965 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.495614052 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.496361971 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.496372938 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.497348070 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.497363091 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.497889996 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.497900009 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.532165051 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.532305956 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.532453060 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.532737970 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.532783985 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.532847881 CEST	60236	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.532862902 CEST	443	60236	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.545595884 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.545636892 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.545737982 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.545842886 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.545849085 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.553513050 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.554629087 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.554687023 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.557385921 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.557439089 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.588538885 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.588690996 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.588778973 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.590497017 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.590497017 CEST	60237	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.590532064 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.590553999 CEST	443	60237	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.593766928 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.593939066 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.594007969 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.603323936 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.603324890 CEST	60238	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.603338957 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.603358984 CEST	443	60238	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.605696917 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.605711937 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.605801105 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.606034994 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.606046915 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.606626034 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.606709957 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.606868982 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.606966972 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.606987953 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.607104063 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.607341051 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.607373953 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.607671022 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.607682943 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.653678894 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.653825998 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.654129028 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.654129028 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.654129028 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.656794071 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.656877995 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.656985044 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.657109976 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.657133102 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.704114914 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.704255104 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.704495907 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.704495907 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.704497099 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.706145048 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.706242085 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.706945896 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.707026005 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.707045078 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:06.959037066 CEST	60239	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:06.959098101 CEST	443	60239	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.005759954 CEST	60240	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.005820990 CEST	443	60240	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.188251019 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.189167023 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.189199924 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.189619064 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.189627886 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.234204054 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.234601021 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.234613895 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.234966993 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.234972954 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.269728899 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.270220995 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.270302057 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.270595074 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.270648003 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.279731989 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.280122995 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.280205965 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.280462027 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.280517101 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.288167000 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.288316011 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.288377047 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.288537979 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.288557053 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.288568974 CEST	60242	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.288575888 CEST	443	60242	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.291996002 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.292045116 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.292120934 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.292237043 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.292254925 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.336985111 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.337050915 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.337090969 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.337754011 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.337771893 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.337784052 CEST	60241	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.337790012 CEST	443	60241	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.342911959 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.342997074 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.343086004 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.343369007 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.343452930 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.362931967 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.363070965 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.363164902 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.363164902 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.363164902 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.365128040 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.365216970 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.365283966 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.365438938 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.365458012 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.385421991 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.385565042 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.385664940 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.385668039 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.385668039 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.385668039 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.386481047 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.386539936 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.386879921 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.386893988 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.387470007 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.387552977 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.387620926 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.387772083 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.387805939 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.495917082 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.496078014 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.496248007 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.496248007 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.496248007 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.498020887 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.498104095 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.498188972 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.498270035 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.498290062 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.521487951 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 7, 2024 20:47:07.527911901 CEST	80	49724	93.184.221.240	192.168.2.4
Oct 7, 2024 20:47:07.528141975 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 7, 2024 20:47:07.677705050 CEST	60243	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.677767992 CEST	443	60243	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.687664032 CEST	60244	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.687731028 CEST	443	60244	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.803637981 CEST	60245	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.803672075 CEST	443	60245	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.973752022 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.974220991 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.974282026 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:07.974651098 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:07.974663973 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.002713919 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.003384113 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.003470898 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.003881931 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.003935099 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.010483980 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.012271881 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.012356997 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.012931108 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.012943983 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.073762894 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.074379921 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.074448109 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.074727058 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.074779987 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080585003 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080636978 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080728054 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.080761909 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080790043 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080841064 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.080873013 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.080873013 CEST	60246	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.080890894 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.080902100 CEST	443	60246	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.083285093 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.083348989 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.083427906 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.083547115 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.083561897 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.101330996 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.101475954 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.101666927 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.101753950 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.101753950 CEST	60247	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.101797104 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.101831913 CEST	443	60247	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.103430986 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.103518009 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.103602886 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.103697062 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.103714943 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.105408907 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.106015921 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.106084108 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.106126070 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.106126070 CEST	60248	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.106147051 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.106168985 CEST	443	60248	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.107722998 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.107806921 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.107892036 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.107991934 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.108014107 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.169109106 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.169539928 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.169598103 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.169898033 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.169950962 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.170893908 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.170960903 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.171086073 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.171127081 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.171196938 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.171196938 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.171197891 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.172888041 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.172967911 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.173067093 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.173172951 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.173192978 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.269464970 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.269520044 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.269644022 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.269728899 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.269730091 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.269817114 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.269817114 CEST	60250	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.269856930 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.269891024 CEST	443	60250	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.272525072 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.272597075 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.272659063 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.272797108 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.272819042 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.474163055 CEST	60249	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.474225044 CEST	443	60249	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.901807070 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.902647018 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.902729034 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.903058052 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.903074980 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.904863119 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.905190945 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.905288935 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.905366898 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.905441046 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.905467987 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.905494928 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.905514956 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.905884981 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.905896902 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.997293949 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.997349024 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.997427940 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.997453928 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.997483969 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.998708963 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.998708963 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.998759985 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:08.998790026 CEST	60251	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:08.998806000 CEST	443	60251	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.000979900 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.001126051 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.001199961 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.004026890 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.004407883 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.004515886 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.009496927 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.009531975 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.009557962 CEST	60252	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.009572029 CEST	443	60252	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.012417078 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.012417078 CEST	60253	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.012481928 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.012516975 CEST	443	60253	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.044254065 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.044307947 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.044394970 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.047724009 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.047750950 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.053889990 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.053972960 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.054081917 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.057343006 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.057418108 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.060635090 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.060717106 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.060800076 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.063802004 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.063834906 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.085597992 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.085611105 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.092684984 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.092762947 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.093177080 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.093230009 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.093419075 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.093446970 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.093724012 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.093734026 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.185358047 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.185930967 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.186017036 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.186155081 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.186155081 CEST	60255	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.186182976 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.186203003 CEST	443	60255	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.187438965 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.187597990 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.187810898 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.187812090 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.187812090 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.189317942 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.189352036 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.189415932 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.189728022 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.189754009 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.189893961 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.189965010 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.190031052 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.190125942 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.190140963 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.489729881 CEST	60254	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.489789963 CEST	443	60254	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.694797993 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.695332050 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.695424080 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.695780039 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.695792913 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.700469017 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.701205969 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.701262951 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.701565027 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.701617956 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.713469028 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.713810921 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.713867903 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.714164019 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.714178085 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.812323093 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.812585115 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.812808990 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.812808990 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.812808990 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.815232992 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.815315008 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.815438032 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.815558910 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.815578938 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.819972038 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.820116043 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.820203066 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.820291042 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.820291042 CEST	60257	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.820332050 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.820362091 CEST	443	60257	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.822210073 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.822292089 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.822370052 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.822475910 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.822494984 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.835046053 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.835422039 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.835443974 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.835813046 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.835823059 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.859658957 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.859991074 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.860033035 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.860321999 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.860333920 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.931210995 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.931750059 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.931827068 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.931880951 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.931880951 CEST	60259	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.931915045 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.931935072 CEST	443	60259	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.933861017 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.933923006 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.934010983 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.934129000 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.934144020 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.944271088 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.944417953 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.944489002 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.944602966 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.944602966 CEST	60256	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.944645882 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.944659948 CEST	443	60256	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.946297884 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.946382999 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.946468115 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.946562052 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.946584940 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.957123995 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.957264900 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.957333088 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.957379103 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.957380056 CEST	60260	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.957402945 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.957425117 CEST	443	60260	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.959172964 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.959211111 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:09.959279060 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.959618092 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:09.959634066 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.115216017 CEST	60258	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.115277052 CEST	443	60258	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.453453064 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.453964949 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.454042912 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.454375029 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.454389095 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.454684973 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.454916000 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.454941988 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.455178976 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.455188990 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.548882961 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.548968077 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.549074888 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.549201012 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.549201012 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.549527884 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.549529076 CEST	60262	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.549593925 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.549631119 CEST	443	60262	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.550808907 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.550986052 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.551178932 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.551178932 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.551178932 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.552808046 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.552886963 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.552977085 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.553126097 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.553143024 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.553225994 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.553288937 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.553376913 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.553452015 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.553471088 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.581994057 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.582608938 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.582686901 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.582961082 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.582974911 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.585441113 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.585766077 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.585845947 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.586097956 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.586112976 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.591730118 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.592152119 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.592242956 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.592343092 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.592372894 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.687984943 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.688142061 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.688222885 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.688339949 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.688380003 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.688405991 CEST	60265	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.688422918 CEST	443	60265	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689264059 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689280033 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689414978 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689604044 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689604044 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689604044 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689671993 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689778090 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.689855099 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689855099 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689946890 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.689985991 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.690042019 CEST	60264	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.690058947 CEST	443	60264	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.691138029 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.691198111 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.691299915 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.691448927 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.691466093 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.691987991 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692035913 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.692082882 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692095995 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.692110062 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692137957 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692181110 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692198038 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.692310095 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.692326069 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.864897966 CEST	60261	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.864959002 CEST	443	60261	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:10.991079092 CEST	60263	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:10.991143942 CEST	443	60263	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.180274010 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.180880070 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.180953026 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.181204081 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.181222916 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.191517115 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.191876888 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.191962957 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.192248106 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.192265987 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.277426004 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.277561903 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.277623892 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.277733088 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.277734041 CEST	60267	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.277762890 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.277786970 CEST	443	60267	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.280383110 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.280424118 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.280636072 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.280636072 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.280706882 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.294152021 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.294296026 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.294363022 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.294442892 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.294442892 CEST	60266	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.294478893 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.294502974 CEST	443	60266	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.296571016 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.296653032 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.296726942 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.296821117 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.296839952 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.334244013 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.334769011 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.335290909 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.335297108 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.335303068 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.335334063 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.335752010 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.335756063 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.335802078 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.335829020 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.380017996 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.380503893 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.380516052 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.380729914 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.380733967 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.448080063 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.448257923 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.448421001 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.448421001 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.448421001 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.450073004 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.450141907 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.450234890 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.450335026 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.450351000 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451489925 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451564074 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451622963 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.451684952 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451719999 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451767921 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.451814890 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.451814890 CEST	60268	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.451847076 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.451870918 CEST	443	60268	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.453389883 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.453413010 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.453485012 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.453578949 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.453588963 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.548980951 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.549129009 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.549181938 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.549299955 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.549316883 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.549324989 CEST	60269	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.549338102 CEST	443	60269	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.551933050 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.552015066 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.552109957 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.552246094 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.552268982 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.755918980 CEST	60270	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.755935907 CEST	443	60270	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.906847000 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.907558918 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.907634974 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:11.907897949 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:11.907912016 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.004602909 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.005590916 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.005717993 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.006000042 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.006000042 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.006000042 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.006095886 CEST	60272	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.006131887 CEST	443	60272	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.011950970 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.012033939 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.012234926 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.012480974 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.012501001 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.073873997 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.074368000 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.074440956 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.074707031 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.074719906 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.092679977 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.092946053 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.092967987 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.093379974 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.093390942 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.166428089 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.167083979 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.167165041 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.167458057 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.167474985 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.172717094 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.172851086 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.172930956 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.173121929 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.173177004 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.173216105 CEST	60273	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.173230886 CEST	443	60273	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.176363945 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.176456928 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.176565886 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.176794052 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.176816940 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.214891911 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.214966059 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.215018034 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.215039968 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.215079069 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.215126991 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.215188026 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.215207100 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.215229034 CEST	60274	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.215240002 CEST	443	60274	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.217267036 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.217293978 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.217499971 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.217499971 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.217554092 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.261924982 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.263195992 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.263375044 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.263375044 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.263375044 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.265414000 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.265497923 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.265572071 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.265866995 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.265944958 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.568499088 CEST	60275	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.568561077 CEST	443	60275	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.641489029 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.642241001 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.642298937 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.642554045 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.642570019 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.736983061 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.737123966 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.737299919 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.737382889 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.737382889 CEST	60276	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.737426043 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.737457037 CEST	443	60276	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.740268946 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.740336895 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.740415096 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.740586042 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.740614891 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.825536966 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.825932980 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.825963020 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.826370001 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.826375961 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.844563961 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.844985962 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.844995022 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.845266104 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.845272064 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.894862890 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.895427942 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.895509005 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.895831108 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.895884037 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.926457882 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.926606894 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.926858902 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.927074909 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.927076101 CEST	60277	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.927110910 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.927139044 CEST	443	60277	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.929805994 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.929888964 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.930157900 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.930157900 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.930288076 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.938754082 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.938824892 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.938934088 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.938971996 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.939157963 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.939270020 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.939270973 CEST	60278	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.939296007 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.939317942 CEST	443	60278	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.941251040 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.941299915 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.941375971 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.941494942 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.941504002 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.995723009 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.995876074 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.996170998 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.996170998 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.996170998 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.998090029 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.998162985 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:12.998230934 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.998326063 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:12.998342037 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.302886963 CEST	60279	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.302947998 CEST	443	60279	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.354743004 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.355267048 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.355343103 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.355716944 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.355730057 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.453846931 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.453995943 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.454190016 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.460040092 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.460040092 CEST	60281	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.460089922 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.460124016 CEST	443	60281	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.467309952 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.467396021 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.467514992 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.467843056 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.467916965 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.545746088 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.578881025 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.578938961 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.579195976 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.579214096 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.579680920 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.579942942 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.579957962 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.580270052 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.580277920 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.612217903 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.615046978 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.615083933 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.621041059 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.621059895 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.671129942 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.671287060 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.671374083 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.671479940 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.671479940 CEST	60282	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.671508074 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.671531916 CEST	443	60282	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.674021006 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.674104929 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.674215078 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.674309969 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.674334049 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.674856901 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.675048113 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.675106049 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.675123930 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.675148010 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.675189018 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.675209999 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.675228119 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.675239086 CEST	60283	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.675245047 CEST	443	60283	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.677007914 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.677043915 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.677110910 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.677215099 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.677221060 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.711941004 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.712122917 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.712215900 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.712239981 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.712253094 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.712264061 CEST	60284	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.712270021 CEST	443	60284	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.713912010 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.713968992 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:13.714045048 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.714154959 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:13.714168072 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.174221992 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.174263000 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.174324989 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.174545050 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.174561977 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.180565119 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.180593014 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.180655003 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.180875063 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.180902004 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.274760008 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.275365114 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.275434017 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.275799990 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.275815010 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.288870096 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.289272070 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.289352894 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.289661884 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.289676905 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.341948986 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.342304945 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.342363119 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.342770100 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.342781067 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.359508038 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.359808922 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.359850883 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.360150099 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.360165119 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.386991024 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387144089 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387161970 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387218952 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387418032 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387418985 CEST	60286	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387449026 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387476921 CEST	443	60286	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387553930 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387620926 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387682915 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387684107 CEST	60271	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.387711048 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.387732983 CEST	443	60271	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.390204906 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390259027 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390266895 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.390341043 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390347958 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.390415907 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390484095 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390497923 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.390530109 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.390547991 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.432734013 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.433145046 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.433227062 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.433497906 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.433552980 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.440243006 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.440310955 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.440398932 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.440408945 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.440466881 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.440512896 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.440512896 CEST	60287	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.440552950 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.440582991 CEST	443	60287	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.442363024 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.442445993 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.442559958 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.442651033 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.442673922 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.457847118 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.458000898 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.458173990 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.458237886 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.458239079 CEST	60288	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.458265066 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.458287954 CEST	443	60288	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.460056067 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.460139990 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.460397959 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.460398912 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.460530043 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.532931089 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.533216953 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.533396006 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.533565044 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.533565044 CEST	60285	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.533607960 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.533638000 CEST	443	60285	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.535491943 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.535573006 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.535655022 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.535768032 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:14.535784960 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:14.779376030 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.779797077 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.779839993 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.781095028 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.781414032 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.781593084 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.781625032 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.781672955 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.781697035 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.798455000 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.798660994 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.798679113 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.800349951 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.800637007 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.800766945 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.800782919 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.800807953 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:14.800863981 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.801105976 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:14.850666046 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:15.068664074 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.068985939 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.069210052 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:15.069628954 CEST	60289	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:15.069662094 CEST	443	60289	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.073285103 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.073704958 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.074011087 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.074024916 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.074111938 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.074171066 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.074551105 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.074558020 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.074712038 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.074726105 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.080971956 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.081392050 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.081480026 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.081564903 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.081581116 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.086596012 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.087232113 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.087301016 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:15.087378979 CEST	60290	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:15.087434053 CEST	443	60290	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:15.099623919 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.100132942 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.100210905 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.100605965 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.100619078 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.175220966 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.175368071 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.175488949 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.175605059 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.175623894 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.175642014 CEST	60291	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.175652027 CEST	443	60291	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.176899910 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.177048922 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.177134037 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.177134037 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.177211046 CEST	60292	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.177248955 CEST	443	60292	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179039955 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179049015 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179063082 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179085016 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179111004 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179125071 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179145098 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179177999 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179208994 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179244995 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179333925 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179349899 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179361105 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179406881 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179447889 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179476023 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179528952 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179567099 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179567099 CEST	60293	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.179586887 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.179606915 CEST	443	60293	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.181453943 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.181749105 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.181772947 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.181982040 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.181992054 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.182041883 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.182077885 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.182090044 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.182190895 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.182204008 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.201323986 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.201469898 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.201539993 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.201582909 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.201605082 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.201633930 CEST	60294	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.201644897 CEST	443	60294	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.203315973 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.203360081 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.203469038 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.203582048 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.203610897 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.281192064 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.282155991 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.282236099 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.282300949 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.282341003 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.282402039 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.282402039 CEST	60295	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.282450914 CEST	443	60295	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.284864902 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.284904003 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.284972906 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.285136938 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.285152912 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.793355942 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.793860912 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.793939114 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.794289112 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.794302940 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.806802988 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.807193041 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.807230949 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.807553053 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.807559967 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.811430931 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.811659098 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.811671019 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.811976910 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.811980963 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.814572096 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.814783096 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.814821005 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.815080881 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.815095901 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.887631893 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.887698889 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.887797117 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.887924910 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.887924910 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.893685102 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.893685102 CEST	60296	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.893727064 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.893754959 CEST	443	60296	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.896589041 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.898255110 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.898312092 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.898370981 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.905244112 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.905376911 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.905433893 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.906411886 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.906446934 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.908971071 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.909122944 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.909172058 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.909807920 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.909816027 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.909828901 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.910149097 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.910206079 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.910231113 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.910259962 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.910311937 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.935338020 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.935338020 CEST	60298	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.935375929 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.935415030 CEST	443	60298	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.937442064 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.937442064 CEST	60299	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.937467098 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.937488079 CEST	443	60299	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.952212095 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.952255011 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.957428932 CEST	60297	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.957442999 CEST	443	60297	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.995733976 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.995769024 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.995857954 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.997068882 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.997087002 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.998897076 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.998977900 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:15.999059916 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.999305964 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:15.999337912 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.000269890 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.000351906 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.000412941 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.000679970 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.000704050 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.001635075 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.001808882 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.001868963 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.001912117 CEST	60300	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.001934052 CEST	443	60300	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.003618002 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.003705025 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.003779888 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.003879070 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.003905058 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.173760891 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:16.173882961 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:16.173954964 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:16.512305975 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.513041019 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.513071060 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.513452053 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.513458014 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.609210968 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.609296083 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.609536886 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.609559059 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.609735012 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.609786987 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.609786987 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.609786987 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.609818935 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.612441063 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.612525940 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.612754107 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.612754107 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.612888098 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.614734888 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.615118027 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.615138054 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.615606070 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.615611076 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.615618944 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.615869999 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.615942001 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.616322041 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.616333961 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.618484020 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.618791103 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.618845940 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.619318962 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.619333029 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.643769979 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.644311905 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.644395113 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.644814014 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.644829035 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.707911015 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.708360910 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.708414078 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.708439112 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.708448887 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.708456993 CEST	60302	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.708460093 CEST	443	60302	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.712522030 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.712692022 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.712755919 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.713485956 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.713627100 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.713794947 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.713895082 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.713984966 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.714024067 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.714024067 CEST	60304	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.714051962 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.714082003 CEST	443	60304	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.714134932 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.720289946 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.720325947 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.720487118 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.720487118 CEST	60303	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.720551014 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.720585108 CEST	443	60303	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.730868101 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.730952024 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.731057882 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.735156059 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.735233068 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.736171007 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.736236095 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.736298084 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.736444950 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.736459017 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.743835926 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.743946075 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.744005919 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.744069099 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.744173050 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.744174004 CEST	60305	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.744195938 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.744374990 CEST	443	60305	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.745949030 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.745971918 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.746038914 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.746134043 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.746145964 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:16.913016081 CEST	60301	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:16.913074970 CEST	443	60301	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.285759926 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.287631989 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.287672043 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.288672924 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.288686037 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.372597933 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.373191118 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.373250961 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.373894930 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.373948097 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.376594067 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.376904964 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.376960993 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.377438068 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.377453089 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.382560015 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.383939981 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.383981943 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.384010077 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.384114027 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.384181023 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.384490013 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.384500027 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.385238886 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.385272026 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.385298967 CEST	60306	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.385329008 CEST	443	60306	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.387969017 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.388021946 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.388106108 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.388286114 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.388302088 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.398003101 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.398374081 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.398401022 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.398716927 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.398726940 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.467797995 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.467869043 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.467978954 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.468146086 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.468146086 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.468296051 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.468296051 CEST	60307	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.468342066 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.468369961 CEST	443	60307	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.471518040 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.471561909 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.471642017 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.471797943 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.471806049 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.474848032 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.474994898 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.475059986 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.475410938 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.475410938 CEST	60308	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.475476027 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.475512028 CEST	443	60308	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.478344917 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.478425980 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.478524923 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.478632927 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.478652000 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.500443935 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.500592947 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.500785112 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.500786066 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.500786066 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.502796888 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.502878904 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.502966881 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.503084898 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.503103971 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.508641958 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.508996964 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.509067059 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.509104967 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.509104967 CEST	60310	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.509166002 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.509197950 CEST	443	60310	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.511183977 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.511207104 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.511264086 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.511359930 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.511365891 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:17.802473068 CEST	60309	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:17.802540064 CEST	443	60309	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.018460035 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.018956900 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.019032001 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.019421101 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.019433975 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.096208096 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.096793890 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.096878052 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.097177982 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.097193003 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.115070105 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.115422010 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.115475893 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.115509987 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.115541935 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.115590096 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.121018887 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.121018887 CEST	60311	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.121049881 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.121071100 CEST	443	60311	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.124345064 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.124453068 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.124531984 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.124764919 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.124802113 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.159615040 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.160034895 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.160084009 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.160410881 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.160427094 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.161178112 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.161403894 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.161439896 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.161712885 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.161720037 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.190399885 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.190700054 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.190716982 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.190995932 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.191000938 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196264029 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196333885 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196399927 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.196422100 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196449995 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196507931 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.196554899 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.196554899 CEST	60313	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.196583033 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.196604967 CEST	443	60313	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.198645115 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.198714972 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.198791027 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.198887110 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.198905945 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.260622978 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.260822058 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.260900974 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.264589071 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.264750004 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.264805079 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.271421909 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.271445990 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.271470070 CEST	60314	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.271482944 CEST	443	60314	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.272288084 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.272316933 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.272330999 CEST	60315	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.272340059 CEST	443	60315	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.274286032 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274303913 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274347067 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.274370909 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.274435043 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274456024 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274545908 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274563074 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.274606943 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.274621964 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.285093069 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.285439014 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.285509109 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.285542965 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.285550117 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.285562038 CEST	60312	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.285567045 CEST	443	60312	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.287853956 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.287873983 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.287935972 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.292493105 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.292519093 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.786879063 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.787506104 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.787570000 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.787858009 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.787873983 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.824649096 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.825262070 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.825304031 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.825670958 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.825685024 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.881650925 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.881831884 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.881972075 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.881972075 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.884586096 CEST	60316	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.884624958 CEST	443	60316	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.884695053 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.884778976 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.884865046 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.884989977 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.885023117 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.895126104 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.895755053 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.895814896 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.895982981 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.895998001 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.917748928 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.918171883 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.918231010 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.918462038 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.918478012 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.924168110 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.924338102 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.924432993 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.924511909 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.924549103 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.924590111 CEST	60317	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.924612999 CEST	443	60317	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.926486015 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.926526070 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.926610947 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.926767111 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.926786900 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.946695089 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.946962118 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.946970940 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.947277069 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.947280884 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.996474028 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.996556044 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.996685982 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.996773958 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.996773958 CEST	60318	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.996817112 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.996855021 CEST	443	60318	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.998596907 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.998640060 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:18.998718977 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.998836994 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:18.998856068 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.017602921 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.017781973 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.017855883 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.017880917 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.017880917 CEST	60319	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.017890930 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.017900944 CEST	443	60319	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.019630909 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.019664049 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.019728899 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.019839048 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.019845963 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.072355032 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.072715998 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.072884083 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.072901964 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.072907925 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.072918892 CEST	60320	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.072925091 CEST	443	60320	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.074542999 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.074625015 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.074706078 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.074820995 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.074845076 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.551635027 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.552083969 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.552107096 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.552772999 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.552778959 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.631513119 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.633353949 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.633384943 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.633675098 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.633681059 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.646900892 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.647053003 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.647258997 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.649168968 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.649169922 CEST	60322	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.649218082 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.649246931 CEST	443	60322	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.649899006 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.652275085 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.652313948 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.652472973 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.652506113 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.652523041 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.652616024 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.652635098 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.652879953 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.652888060 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.722352982 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.723395109 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.723453999 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.723651886 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.723668098 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.726655006 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.726797104 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.726854086 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.726901054 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.726918936 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.726931095 CEST	60324	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.726938009 CEST	443	60324	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.729127884 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.729151011 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.729223967 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.729389906 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.729407072 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.751674891 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.751756907 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.751818895 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.751938105 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.751938105 CEST	60323	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.751961946 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.751972914 CEST	443	60323	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.754173040 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.754256010 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.754342079 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.754462004 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.754494905 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.838978052 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.839035988 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.839107990 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.839135885 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.839181900 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.839241982 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.839368105 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.839368105 CEST	60325	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.839402914 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.839426041 CEST	443	60325	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.841881990 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.841978073 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:19.842060089 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.842190981 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:19.842209101 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.282104969 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.282903910 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.282984018 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.283309937 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.283363104 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.352643967 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.353050947 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.353072882 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.353657007 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.353662968 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.373579025 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.373992920 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.374074936 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.374320984 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.374336958 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.379802942 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.380213976 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.380284071 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.380312920 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.380381107 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.380438089 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.380438089 CEST	60326	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.380477905 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.380505085 CEST	443	60326	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.383117914 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.383208036 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.383301020 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.383466005 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.383491039 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.420968056 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.421439886 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.421500921 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.421624899 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.421639919 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451642036 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451730013 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451771021 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.451783895 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451862097 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451899052 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.451924086 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451939106 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.451939106 CEST	60327	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.451950073 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.451960087 CEST	443	60327	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.454071999 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.454154015 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.454231977 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.454329967 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.454355001 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.459464073 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.459734917 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.459767103 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.460324049 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.460334063 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.471693993 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.471759081 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.471821070 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.471927881 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.471927881 CEST	60328	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.471955061 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.471976995 CEST	443	60328	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.473875046 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.473953962 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.474018097 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.474123001 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.474154949 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.517254114 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.517620087 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.517688036 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.517712116 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.517774105 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.517834902 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.517836094 CEST	60321	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.517875910 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.517906904 CEST	443	60321	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.520083904 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.520183086 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.520256042 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.520430088 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.520468950 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.557504892 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.557579994 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.557641029 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.557672024 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.557701111 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.557748079 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.557974100 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.558005095 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.558031082 CEST	60329	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.558043003 CEST	443	60329	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.562378883 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.562407970 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:20.562474966 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.562745094 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:20.562769890 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.013684988 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.014484882 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.014514923 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.014880896 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.014895916 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.075495005 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.076059103 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.076116085 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.076421022 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.076474905 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.096038103 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.096364021 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.096443892 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.096692085 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.096705914 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.108045101 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.108433008 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.108530045 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.108613014 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.108613014 CEST	60330	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.108655930 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.108689070 CEST	443	60330	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.111094952 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.111177921 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.111274958 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.111469030 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.111502886 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.160588980 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.161226034 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.161252022 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.161520958 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.161529064 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.171547890 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.171593904 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.171711922 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.171814919 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.171814919 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.171902895 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.171902895 CEST	60331	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.171943903 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.171978951 CEST	443	60331	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.173858881 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.173943043 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.174046040 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.174143076 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.174165010 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.193176985 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.193552971 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.193623066 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.193747044 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.193747997 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.193747997 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.193747997 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.193840981 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.195779085 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.195811033 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.196919918 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.197401047 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.197417021 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.204713106 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.205136061 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.205152988 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.205502033 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.205507994 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.257792950 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258610964 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258672953 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.258702040 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258723974 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258785963 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.258811951 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258825064 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.258825064 CEST	60333	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.258833885 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.258841991 CEST	443	60333	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.260957003 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.260974884 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.261105061 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.261188984 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.261193991 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.306139946 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.306304932 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.306365013 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.306406975 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.306416035 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.306428909 CEST	60334	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.306432962 CEST	443	60334	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.308567047 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.308650970 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.308748007 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.308882952 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.308911085 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.506653070 CEST	60332	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.506675959 CEST	443	60332	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.722878933 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.725800991 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.725833893 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.726193905 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.726207972 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.784347057 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.785196066 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.785255909 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.785527945 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.785542011 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.806037903 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.809295893 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.809317112 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.809782982 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.809792995 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.817043066 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.817254066 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.817338943 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.817634106 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.817634106 CEST	60335	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.817698956 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.817733049 CEST	443	60335	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.820343971 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.820426941 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.820656061 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.820657015 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.820786953 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.876765013 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.877088070 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.877136946 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.877142906 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.877242088 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.877430916 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.877432108 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.877432108 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.877578974 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.877583027 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.879174948 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.879228115 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.879288912 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.879395962 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.879405022 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.902457952 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.902825117 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.902872086 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.902964115 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.903016090 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.903016090 CEST	60337	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.903028965 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.903034925 CEST	443	60337	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.905186892 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.905221939 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.905380964 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.905502081 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.905508995 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.924551964 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.925240040 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.925298929 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.925672054 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.925687075 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.971620083 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.971750021 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.971867085 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.971941948 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.971941948 CEST	60338	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.971950054 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.971956968 CEST	443	60338	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.973499060 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.973582029 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:21.973675013 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.973766088 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:21.973783970 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.075687885 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.075802088 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.075850964 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.075983047 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.075983047 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.075983047 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.076073885 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.076118946 CEST	60339	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.076136112 CEST	443	60339	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.077548981 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.077636957 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.077706099 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.077814102 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.077831984 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.193734884 CEST	60336	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.193797112 CEST	443	60336	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.434730053 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.435327053 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.435408115 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.435626984 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.435642004 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.504976034 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.505417109 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.505497932 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.505752087 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.505764961 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.529604912 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.529859066 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.529949903 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.529949903 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.530026913 CEST	60340	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.530062914 CEST	443	60340	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.532805920 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.532885075 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.532988071 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.533119917 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.533143044 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.552046061 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.552427053 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.552462101 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.553101063 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.553111076 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.605011940 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.605083942 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.605185986 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.605257034 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.605338097 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.605338097 CEST	60341	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.605372906 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.605396032 CEST	443	60341	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.607989073 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.608020067 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.608122110 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.608263016 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.608278990 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.630923033 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.631294012 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.631371021 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.631627083 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.631640911 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.653728962 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.653805017 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.653919935 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.653956890 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.653969049 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.654007912 CEST	60342	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.654021978 CEST	443	60342	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.655807018 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.655877113 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.655946016 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.656033039 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.656078100 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.723256111 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.724389076 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.724440098 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.724927902 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.724939108 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.726869106 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.727020025 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.727150917 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.727231979 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.727231979 CEST	60343	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.727281094 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.727309942 CEST	443	60343	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.729516029 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.729568958 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.729835987 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.729968071 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.729994059 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.821660042 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.821845055 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.821917057 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.821917057 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.821960926 CEST	60344	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.821990013 CEST	443	60344	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.823961020 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.824045897 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:22.824137926 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.824256897 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:22.824290037 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.193247080 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.193825006 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.193908930 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.194453955 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.194506884 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.255219936 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.255603075 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.255676031 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.255971909 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.255986929 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.293252945 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.293576002 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.293656111 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.293708086 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.293740034 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.293766975 CEST	60345	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.293781042 CEST	443	60345	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.296324968 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.296348095 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.296406031 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.296485901 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.296621084 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.296644926 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.296731949 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.296788931 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.297116041 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.297130108 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.354017973 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.354541063 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.354726076 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.354727030 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.354727030 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.357856035 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.357917070 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.357991934 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.358099937 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.358114004 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.371215105 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.371530056 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.371558905 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.371922016 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.371932983 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.395821095 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.395854950 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.395896912 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.395903111 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.395950079 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.396158934 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.396158934 CEST	60347	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.396189928 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.396212101 CEST	443	60347	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.400423050 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.400466919 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.400532961 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.400686979 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.400700092 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.471882105 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.472038031 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.472100019 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.472208023 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.472234964 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.472259998 CEST	60348	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.472275019 CEST	443	60348	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.475430012 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.475512981 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.475605965 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.475934982 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.476022959 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.479199886 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.479608059 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.479693890 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.479814053 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.479830027 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.581899881 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.581931114 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.581975937 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.582142115 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.582142115 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.582231045 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.582231045 CEST	60349	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.582272053 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.582302094 CEST	443	60349	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.584672928 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.584753990 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.584856987 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.584954977 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.584976912 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.666217089 CEST	60346	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.666276932 CEST	443	60346	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.909507036 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.910150051 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.910229921 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.910566092 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.910619020 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.972537041 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.973004103 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.973056078 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:23.973382950 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:23.973396063 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.004456997 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.004607916 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.004816055 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.004817009 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.004817009 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.007764101 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.007827997 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.007896900 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.008034945 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.008049011 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.020417929 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.020726919 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.020756006 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.021058083 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.021068096 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.067728043 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.067800999 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.067883015 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.067898035 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.067955017 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.068089962 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.068089962 CEST	60351	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.068118095 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.068141937 CEST	443	60351	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.070043087 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.070084095 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.070161104 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.070281982 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.070293903 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.101752043 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.102164984 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.102245092 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.102325916 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.102340937 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.116225958 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.116297960 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.116398096 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.116559029 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.116580009 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.116621971 CEST	60352	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.116635084 CEST	443	60352	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.118216991 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.118299961 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.118395090 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.118510962 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.118542910 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.192512989 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.192965031 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.193048954 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.193341017 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.193393946 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.202043056 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.202349901 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.202404022 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.202423096 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.202488899 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.202488899 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.202532053 CEST	60353	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.202568054 CEST	443	60353	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.204144001 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.204226971 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.204330921 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.204416990 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.204449892 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.317958117 CEST	60350	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.318018913 CEST	443	60350	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.328105927 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.328181982 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.328345060 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.328428984 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.328428984 CEST	60354	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.328469038 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.328500032 CEST	443	60354	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.331262112 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.331355095 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.331435919 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.331623077 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.331645012 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.624324083 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.624785900 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.624829054 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.625169992 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.625183105 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.687043905 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.687438011 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.687470913 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.687722921 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.687731028 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.718477011 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.718527079 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.718655109 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.718674898 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.718890905 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.718921900 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.718943119 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.719413042 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.719628096 CEST	443	60355	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.719686031 CEST	60355	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.721432924 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.721515894 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.721625090 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.721712112 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.721730947 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.726432085 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.726746082 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.726803064 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.727149963 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.727163076 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.782618046 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.782661915 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.782778978 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.782821894 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.782851934 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.782922983 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.782985926 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.783021927 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.783021927 CEST	60356	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.783045053 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.783062935 CEST	443	60356	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.785096884 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.785130978 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.785197973 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.785340071 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.785345078 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.823949099 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.824388981 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.824455976 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.824593067 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.824608088 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.825747967 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.825820923 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.825927019 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.825961113 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.826018095 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.826081038 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.826081038 CEST	60357	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.826109886 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.826131105 CEST	443	60357	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.828186035 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.828207016 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.828284025 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.828489065 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.828502893 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.924616098 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.924709082 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.924918890 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.925000906 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.925000906 CEST	60358	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.925043106 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.925072908 CEST	443	60358	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.927143097 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.927223921 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.929086924 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.930736065 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.930816889 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.951292038 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.951731920 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.951818943 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:24.956567049 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:24.956588984 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.080363035 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.080403090 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.080459118 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.080501080 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.080558062 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.080715895 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.080715895 CEST	60359	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.080754042 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.080779076 CEST	443	60359	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.083394051 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.083477974 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.083589077 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.084188938 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.084269047 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.348990917 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.349775076 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.349855900 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.350249052 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.350301981 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.439312935 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.439981937 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.440005064 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.440278053 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.440296888 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.443557024 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.443782091 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.443969965 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.443969965 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.443969965 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446341038 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.446480036 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446568012 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.446610928 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446633101 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.446666956 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446754932 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446774960 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.446914911 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.446921110 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.533895969 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.533970118 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.534058094 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.534070969 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.534192085 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.534213066 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.534229994 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.534235954 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.534245968 CEST	60361	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.534249067 CEST	443	60361	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.536454916 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.536545038 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.536638021 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.536731958 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.536751986 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.542805910 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.542953014 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.543032885 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.543158054 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.543162107 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.543186903 CEST	60362	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.543190956 CEST	443	60362	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.544926882 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.545011044 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.545095921 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.545279026 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.545311928 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.569710016 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.570219040 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.570276976 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.570596933 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.570610046 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.668421984 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.668473959 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.668517113 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.668679953 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.668680906 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.668771029 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.668807983 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.668860912 CEST	60363	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.668878078 CEST	443	60363	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.670490980 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.670572042 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.673053026 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.673053026 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.673180103 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.720045090 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.721333981 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.721395016 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.721699953 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.721754074 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.758171082 CEST	60360	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.758232117 CEST	443	60360	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.821033955 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.821095943 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.821168900 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.821326971 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.821326971 CEST	60364	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.821379900 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.821409941 CEST	443	60364	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.823700905 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.823772907 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:25.823869944 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.823971987 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:25.823987961 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.123959064 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.124686003 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.124747038 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.125030994 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.125046015 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.160506010 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.161045074 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.161086082 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.161362886 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.161390066 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.173815966 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.174088955 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.174132109 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.174385071 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.174396992 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224417925 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224508047 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224591970 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.224623919 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224786997 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.224786997 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.224802971 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224853039 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.224860907 CEST	60365	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.224894047 CEST	443	60365	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.227418900 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.227499962 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.227603912 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.227725983 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.227741957 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.255624056 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.255830050 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.256026983 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.256026983 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.256026983 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.257978916 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.258060932 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.258306980 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.258306980 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.258435965 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.273062944 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.273258924 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.273350000 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.273406029 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.273406029 CEST	60366	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.273432970 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.273454905 CEST	443	60366	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.275127888 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.275166035 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.275233984 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.275331974 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.275338888 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.279213905 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.279644012 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.279702902 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.279858112 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.279872894 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.374346972 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.374386072 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.374429941 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.374448061 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.374504089 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.374695063 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.374695063 CEST	60368	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.374741077 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.374772072 CEST	443	60368	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.377429962 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.377509117 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.377578974 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.377760887 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.377783060 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.473414898 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.474286079 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.474344015 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.475009918 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.475023031 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.568032026 CEST	60367	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.568094015 CEST	443	60367	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.578640938 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.578800917 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.578926086 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.578926086 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.578926086 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.581284046 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.581367016 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.581459045 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.581579924 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.581599951 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.860126019 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.860919952 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.860980988 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.861243010 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.861258984 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.880578995 CEST	60369	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.880645037 CEST	443	60369	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.896848917 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.897380114 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.897438049 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.897713900 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.897766113 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.910059929 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.910525084 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.910542965 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.910831928 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.910836935 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.955213070 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.955363035 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.955585957 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.955585957 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.955585957 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.958262920 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.958302975 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.958393097 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.958597898 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.958606005 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.993470907 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.993544102 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.993695021 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.993793964 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.993794918 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.993887901 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.993925095 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.993973017 CEST	60371	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.993988991 CEST	443	60371	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.995647907 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.995711088 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:26.995803118 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.995928049 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:26.995942116 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.004858017 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.004996061 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.005054951 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.005090952 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.005090952 CEST	60372	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.005109072 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.005120993 CEST	443	60372	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.006889105 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.006973028 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.007065058 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.007142067 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.007163048 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.032805920 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.033276081 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.033318043 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.033741951 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.033755064 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.154124975 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.154165030 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.154206991 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.154373884 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.154520035 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.154560089 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.154618979 CEST	60373	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.154634953 CEST	443	60373	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.157207012 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.157249928 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.157429934 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.157486916 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.157501936 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.206681013 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.207241058 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.207324028 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.207561970 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.207577944 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.271152020 CEST	60370	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.271202087 CEST	443	60370	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.303580999 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.303720951 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.303900957 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.303981066 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.303981066 CEST	60374	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.304023027 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.304048061 CEST	443	60374	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.305828094 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.305871964 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.305943012 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.306041956 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.306051016 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.803632975 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.804030895 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.804321051 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.804343939 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.804564953 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.804934978 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.804938078 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.805190086 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.805224895 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.805397987 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.805473089 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.805525064 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.805535078 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.805742979 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.805764914 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.897965908 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.898523092 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.898612022 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.898690939 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.898730993 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.898761034 CEST	60377	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.898777008 CEST	443	60377	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.899722099 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.899988890 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.900033951 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.900187969 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.900197983 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.900207043 CEST	60375	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.900211096 CEST	443	60375	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.901731968 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.901767969 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.901827097 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.901940107 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.901947975 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.902851105 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.902932882 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.903013945 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.903120041 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.903141975 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.933844090 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.934015989 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.934135914 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.934217930 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.934218884 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.934288979 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.934288979 CEST	60376	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.934309959 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.934349060 CEST	443	60376	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.936017036 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.936098099 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.936181068 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.936280012 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.936297894 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.974503040 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.975120068 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.975148916 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.975414991 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.975423098 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.982212067 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.982631922 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.982716084 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:27.982861042 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:27.982876062 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.073786020 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.073858023 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.073966026 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.074058056 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.074058056 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.074194908 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.074194908 CEST	60379	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.074239969 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.074268103 CEST	443	60379	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.076514959 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.076540947 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.076616049 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.076780081 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.076795101 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.157912970 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.158339977 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.158438921 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.158438921 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.158514023 CEST	60378	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.158550024 CEST	443	60378	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.160087109 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.160104036 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.160193920 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.160264969 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.160269976 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.521080971 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.521711111 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.522156000 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.522198915 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.522207022 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.522284031 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.522567987 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.522576094 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.522603035 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.522617102 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.562262058 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.563065052 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.563139915 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.563353062 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.563366890 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.616998911 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617394924 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617468119 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617532015 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617568016 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617589951 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617651939 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617665052 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617750883 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617762089 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617775917 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617799997 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617804050 CEST	60380	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617825031 CEST	443	60380	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.617854118 CEST	60381	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.617870092 CEST	443	60381	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.620182037 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620228052 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.620269060 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620285988 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.620313883 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620361090 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620440960 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620440960 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.620460987 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.620480061 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.659564018 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.659636974 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.659714937 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.660051107 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.660051107 CEST	60382	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.660115004 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.660151005 CEST	443	60382	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.662251949 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.662296057 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.662473917 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.662473917 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.662507057 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.693301916 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.693682909 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.693706989 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.694046021 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.694051981 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.788325071 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.788542032 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.788690090 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.788866043 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.788866043 CEST	60383	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.788887024 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.788899899 CEST	443	60383	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.791482925 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.791574955 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.791670084 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.791790962 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.791810036 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.796842098 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.797133923 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.797152996 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.797635078 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.797641039 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.897291899 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.898268938 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.898425102 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.898530006 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.898530960 CEST	60384	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.898546934 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.898557901 CEST	443	60384	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.900758982 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.900842905 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:28.900957108 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.901071072 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:28.901093960 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.466743946 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.467327118 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.467359066 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.467796087 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.467803955 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.471165895 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.471492052 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.471551895 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.471847057 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.471863031 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.472074032 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.472542048 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.472599983 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.472902060 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.472955942 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.562061071 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.562114954 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.562158108 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.562160969 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.562216043 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.562366009 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.562385082 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.562397003 CEST	60387	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.562403917 CEST	443	60387	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.565162897 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.565247059 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.565337896 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.565457106 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.565491915 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.565907955 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.566080093 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.566181898 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.566251993 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.566251993 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.566251993 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.566251993 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.568032026 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.568124056 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.568186045 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.569005966 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.569040060 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.571541071 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.571700096 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.571917057 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.571917057 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.571917057 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.573585033 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.573667049 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.573771000 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.573863029 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.573899031 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.639952898 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.640369892 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.640450954 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.640747070 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.640799999 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.642308950 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.642594099 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.642671108 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.642918110 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.642934084 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.736183882 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.736216068 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.736258984 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.736531019 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.736531973 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.747240067 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.747442961 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.747644901 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.749623060 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.749623060 CEST	60389	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.749690056 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.749723911 CEST	443	60389	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.750735044 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.750735998 CEST	60388	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.750783920 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.750813007 CEST	443	60388	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.753283024 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.753354073 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.753426075 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.753827095 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.753846884 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.753906012 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.753993988 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.754024982 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.754101038 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.754117012 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.865845919 CEST	60386	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.865906954 CEST	443	60386	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:29.881326914 CEST	60385	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:29.881390095 CEST	443	60385	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.181690931 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.182404995 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.183020115 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.183084011 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.183393955 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.183408022 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.183687925 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.183746099 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.184206963 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.184262037 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.197110891 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.199048042 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.199105024 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.199378014 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.199414015 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.278206110 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.278645039 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.278877020 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.278877020 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.278956890 CEST	60390	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.278994083 CEST	443	60390	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.281578064 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.281660080 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.281748056 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.281846046 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.281872988 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.292922020 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.293062925 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.293144941 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.293144941 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.293231964 CEST	60392	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.293268919 CEST	443	60392	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.295262098 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.295344114 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.295452118 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.295557022 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.295581102 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.321052074 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.321218014 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.321392059 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.321767092 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.321767092 CEST	60391	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.321834087 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.321873903 CEST	443	60391	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.323491096 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.323574066 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.323661089 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.323748112 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.323765993 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.376518965 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.377006054 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.377082109 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.377367020 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.377378941 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.388427019 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.388700962 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.388729095 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.389028072 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.389036894 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.476608992 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.476764917 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.476950884 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.477006912 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.477006912 CEST	60393	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.477044106 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.477065086 CEST	443	60393	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.479301929 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.479408979 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.479491949 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.479617119 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.479635000 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.489320993 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.489486933 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.489540100 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.489540100 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.489590883 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.489619017 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.489629984 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.489674091 CEST	60394	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.489686966 CEST	443	60394	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.491422892 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.491507053 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.491590023 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.491687059 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.491708040 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.935571909 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.936508894 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.936566114 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.936850071 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.936902046 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.941423893 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.941915035 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.941960096 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.942111015 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.942123890 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.953407049 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.953747034 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.953804970 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:30.954113960 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:30.954165936 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.037538052 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.037718058 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.037982941 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.038115978 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.038115978 CEST	60397	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.038167000 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.038202047 CEST	443	60397	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.040862083 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.040950060 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.041141033 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.041213036 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.041232109 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.070904016 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.071057081 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.071322918 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.071445942 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.071446896 CEST	60395	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.071490049 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.071521997 CEST	443	60395	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.073338985 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.073424101 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.073575974 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.073681116 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.073704004 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.085095882 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.085248947 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.085357904 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.085690022 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.085690975 CEST	60396	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.085756063 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.085798979 CEST	443	60396	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.087327957 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.087439060 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.087538958 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.087651968 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.087676048 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.104000092 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.104522943 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.104600906 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.104779005 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.104792118 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.105005026 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.105248928 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.105305910 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.105542898 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.105556965 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.201021910 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.201159954 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.201435089 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.201435089 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.201436043 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.202528000 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.202683926 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.202769041 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.202769041 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.202769041 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.203902006 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.203986883 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.204111099 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.204221010 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.204247952 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.204478979 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.204526901 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.204684973 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.204684973 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.204727888 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.507019997 CEST	60398	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.507086992 CEST	443	60398	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:31.507117987 CEST	60399	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:31.507179022 CEST	443	60399	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.695199966 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.695844889 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.695924997 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696194887 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696218967 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696285963 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.696300030 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696645021 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.696703911 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696829081 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.696845055 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.696974993 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.696989059 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.697268963 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.697279930 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.792160034 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.792891979 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.793000937 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.793000937 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.793077946 CEST	60401	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.793118000 CEST	443	60401	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.793170929 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.793327093 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.795506954 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795552969 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.795635939 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795697927 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795697927 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795747042 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795758009 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.795789957 CEST	60403	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.795826912 CEST	443	60403	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.797494888 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.797576904 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.797642946 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.797663927 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.797800064 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.797821999 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.799618959 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.799685955 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.799709082 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.799801111 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.799801111 CEST	60402	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.799818039 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.800096989 CEST	443	60402	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.801426888 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.801512957 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.801594973 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.801707983 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.801738977 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.860088110 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.860796928 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.860882998 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.861150980 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.861166954 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.880579948 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.880860090 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.880886078 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.881201982 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.881207943 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.958056927 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.958131075 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.958236933 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.958487034 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.958487034 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.958602905 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.958602905 CEST	60404	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.958643913 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.958677053 CEST	443	60404	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.961214066 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.961296082 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.961386919 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.961508989 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.961532116 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.989121914 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.989190102 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.989408016 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.989690065 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.989690065 CEST	60405	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.989712954 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.989726067 CEST	443	60405	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.991727114 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.991808891 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:32.991928101 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.992006063 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:32.992027044 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.493582964 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.494051933 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.494111061 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.494494915 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.494509935 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.495196104 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.495435953 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.495460987 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.495716095 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.495723009 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.585566044 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.586132050 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.586191893 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.586457968 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.586473942 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.588032961 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.588293076 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.588377953 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.588463068 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.588463068 CEST	60408	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.588506937 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.588532925 CEST	443	60408	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.589940071 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590004921 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590059042 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.590079069 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590107918 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590152979 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.590194941 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.590214014 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590225935 CEST	60406	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.590233088 CEST	443	60406	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590770006 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.590816021 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.590882063 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.591008902 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.591037035 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.592015028 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.592097044 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.592190981 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.592284918 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.592309952 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.601032972 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.601330996 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.601361036 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.601687908 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.601697922 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.679919004 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.680066109 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.680286884 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.680288076 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.680382013 CEST	60409	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.680421114 CEST	443	60409	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.681952000 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.682034969 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.682121992 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.682214975 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.682235956 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.696433067 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.698107958 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.698178053 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.698281050 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.698281050 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.698281050 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.698281050 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.699994087 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.700033903 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:33.700105906 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.700208902 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:33.700232029 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.005153894 CEST	60410	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.005215883 CEST	443	60410	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.206439018 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.207190037 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.207267046 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.207628965 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.207643032 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.260467052 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.260981083 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.261034966 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.261470079 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.261482000 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.301286936 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.301434994 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.301701069 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.301791906 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.301791906 CEST	60411	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.301836967 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.301867962 CEST	443	60411	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.304675102 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.304748058 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.304971933 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.304971933 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.305037975 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.311789989 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.312160015 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.312201977 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.312494040 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.312501907 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.337622881 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.338165998 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.338242054 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.338500977 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.338553905 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.364911079 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.365092039 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.365173101 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.365340948 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.365340948 CEST	60412	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.365385056 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.365411043 CEST	443	60412	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.367433071 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.367516041 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.367769957 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.367769957 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.367898941 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.407987118 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.408023119 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.408093929 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.408159018 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.408159018 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.408392906 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.408394098 CEST	60413	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.408425093 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.408442020 CEST	443	60413	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.410094976 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.410130024 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.410188913 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.410312891 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.410321951 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.436501980 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.436652899 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.436832905 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.436832905 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.436832905 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.438551903 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.438565969 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.438620090 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.438775063 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.438785076 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.741333961 CEST	60414	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.741394997 CEST	443	60414	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.917550087 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.921372890 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.921421051 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:34.921803951 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:34.921817064 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.006174088 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.009393930 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.009452105 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.009887934 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.009977102 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.012851954 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.012908936 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.012981892 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.013016939 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.013168097 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.013168097 CEST	60415	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.013190985 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.013247013 CEST	443	60415	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.015516043 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.015573025 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.015661955 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.015767097 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.015788078 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.075592041 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.075696945 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.075910091 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.075925112 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.076186895 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.076193094 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.076276064 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.076281071 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.076564074 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.076567888 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.106034994 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.106085062 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.106240034 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.106260061 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.106318951 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.106369972 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.106369972 CEST	60416	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.106411934 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.106439114 CEST	443	60416	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.108454943 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.108539104 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.108650923 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.108743906 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.108767986 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.170871973 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.170928955 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.171086073 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.171093941 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.171169996 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.171175003 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.171202898 CEST	60418	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.171257973 CEST	443	60418	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.173005104 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.173094034 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.173182964 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.173289061 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.173312902 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.174922943 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.174977064 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.175069094 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.175074100 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.175102949 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.175146103 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.175159931 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.175167084 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.175167084 CEST	60417	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.175173044 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.175177097 CEST	443	60417	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.177314997 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.177337885 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.177499056 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.177499056 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.177548885 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.179205894 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.179534912 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.179563999 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.179884911 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.179893017 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.279154062 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.279325962 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.279491901 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.279824018 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.279824018 CEST	60407	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.279890060 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.279927015 CEST	443	60407	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.282273054 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.282356024 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.282452106 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.282583952 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.282608032 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.641011953 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.641680002 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.641762018 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.642055988 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.642108917 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.738380909 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.738519907 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.738923073 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.738923073 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.738923073 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.741558075 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.741631031 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.741745949 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.741889000 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.741904974 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.760504961 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.760988951 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.761070013 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.761425018 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.761478901 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.787564993 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.787992001 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.788077116 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.788201094 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.788218021 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.805378914 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.805814981 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.805900097 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.806010962 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.806025982 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.872626066 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.872776031 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.872906923 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.872906923 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.872988939 CEST	60420	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.873025894 CEST	443	60420	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.875447989 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.875530005 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.875629902 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.875947952 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.876027107 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.882426977 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.882577896 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.882752895 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.882752895 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.882752895 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.884481907 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.884563923 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.884649038 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.884743929 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.884766102 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.894367933 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.894854069 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.894942045 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.895210981 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.895265102 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.902581930 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.903068066 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.903223038 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.903223038 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.903223038 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.904912949 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.904966116 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.905044079 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.905152082 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.905165911 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.989444017 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.989492893 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.989708900 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.989747047 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.990048885 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.990048885 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.990048885 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.992760897 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.992826939 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:35.992928982 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.993074894 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:35.993089914 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.037415981 CEST	60419	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.037476063 CEST	443	60419	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.193448067 CEST	60421	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.193511009 CEST	443	60421	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.209302902 CEST	60422	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.209366083 CEST	443	60422	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.302911997 CEST	60423	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.302973032 CEST	443	60423	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.371680021 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.372148991 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.372201920 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.372598886 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.372611046 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481091022 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481170893 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481246948 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.481277943 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481327057 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481394053 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.481543064 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.481543064 CEST	60424	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.481578112 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.481600046 CEST	443	60424	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.484286070 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.484369040 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.484462976 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.484730005 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.484790087 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.502974033 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.503556013 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.503613949 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.503968954 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.503982067 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.506695032 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.506968021 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.506997108 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.507272005 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.507282972 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.558007002 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.558506012 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.558563948 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.558832884 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.558849096 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.597882986 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.597940922 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.598067045 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.598130941 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.598282099 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.598282099 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.598283052 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.603251934 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.603334904 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.603420019 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.603539944 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.603559971 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.603794098 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.603852987 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.603905916 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.603935957 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.603976011 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.604007959 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.604034901 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.664237976 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664311886 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664509058 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.664546013 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664614916 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.664653063 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664777040 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.664798021 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664819956 CEST	60428	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.664823055 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.664848089 CEST	443	60428	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.667288065 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.667331934 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.667423964 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.667535067 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.667551041 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.684777975 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.684931040 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.685107946 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.685107946 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.685107946 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.685107946 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.685209036 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.686969995 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.687057972 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.688946009 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.689040899 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.689059019 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.912587881 CEST	60426	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.912648916 CEST	443	60426	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:36.990432024 CEST	60425	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:36.990494013 CEST	443	60425	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.004698038 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.027532101 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.027564049 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.027949095 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.027960062 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.101808071 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.102300882 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.102382898 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.102673054 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.102725983 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.129833937 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.129889011 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.129967928 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.129991055 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.130064011 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.200138092 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.200190067 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.200335979 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.200398922 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.200398922 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.200485945 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.200485945 CEST	60429	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.200526953 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.200557947 CEST	443	60429	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.203083038 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.203166008 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.203260899 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.203413010 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.203433990 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.212349892 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.212455988 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.212477922 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.212524891 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.212549925 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.212574959 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.212605953 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.212605953 CEST	60427	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.212632895 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.212652922 CEST	443	60427	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.214526892 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.214608908 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.214704037 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.214797020 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.214814901 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.255832911 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.257067919 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.257126093 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.257422924 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.257476091 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.332231998 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.332617998 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.332662106 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.333025932 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.333044052 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.345447063 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.345726967 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.345787048 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.346013069 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.346026897 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.351946115 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.352303028 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.352488041 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.352488041 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.352488041 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.354199886 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.354254007 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.354331017 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.354681015 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.354700089 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.432116985 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.432250977 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.432317019 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.432421923 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.432468891 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.432498932 CEST	60431	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.432514906 CEST	443	60431	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.434945107 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.434979916 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.435040951 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.435164928 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.435168982 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.441432953 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.441839933 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.441895962 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.441976070 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.441976070 CEST	60432	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.442018032 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.442047119 CEST	443	60432	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.444890976 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.444976091 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.445059061 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.445152998 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.445179939 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.662643909 CEST	60430	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.662704945 CEST	443	60430	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.842116117 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.842672110 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.842756033 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.843080997 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.843096018 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.845802069 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.846035004 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.846061945 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.846425056 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.846478939 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.938150883 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.938880920 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.938985109 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.939042091 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.939042091 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.939127922 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.939127922 CEST	60434	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.939168930 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.939198971 CEST	443	60434	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.941538095 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.941622972 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.941739082 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.941874981 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.941906929 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.944952011 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.945144892 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.945220947 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.945300102 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.945301056 CEST	60433	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.945342064 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.945374012 CEST	443	60433	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.979310036 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.979773045 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.979856014 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:37.980012894 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:37.980030060 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.078540087 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.078679085 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.078898907 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.078898907 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.078898907 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.086900949 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.087387085 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.087467909 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.087699890 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.087759018 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.087812901 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.087919950 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.087944031 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.088165998 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.088171005 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.186180115 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.186331987 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.186522961 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.186522961 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.186522961 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.222887039 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.223030090 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.223093033 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.223139048 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.223156929 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.223169088 CEST	60436	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.223174095 CEST	443	60436	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.381417990 CEST	60435	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.381479979 CEST	443	60435	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.490607977 CEST	60437	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.490668058 CEST	443	60437	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.575382948 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.576122046 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.576205969 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.576662064 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.576714993 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.671313047 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.671488047 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:38.671799898 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.671799898 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.671799898 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.975184917 CEST	60438	443	192.168.2.4	13.107.246.60
Oct 7, 2024 20:47:38.975244045 CEST	443	60438	13.107.246.60	192.168.2.4
Oct 7, 2024 20:47:45.806358099 CEST	60235	443	192.168.2.4	142.250.185.132
Oct 7, 2024 20:47:45.806427002 CEST	443	60235	142.250.185.132	192.168.2.4
Oct 7, 2024 20:47:45.806652069 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.806742907 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:45.808360100 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.808509111 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.808541059 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:45.944881916 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.944969893 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:45.945060968 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.945218086 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:45.945239067 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.455854893 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.456276894 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.456342936 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.456877947 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.457403898 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.457403898 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.457405090 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.457509995 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.457592964 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.506556988 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.592300892 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.592540026 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.592571020 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.593775988 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.594080925 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.594182014 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.594217062 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.594276905 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.594295025 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.755372047 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.756705046 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.756874084 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.756958961 CEST	60439	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.756999969 CEST	443	60439	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.881021976 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.882230997 CEST	443	60440	142.250.186.78	192.168.2.4
Oct 7, 2024 20:47:46.882430077 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.882669926 CEST	60440	443	192.168.2.4	142.250.186.78
Oct 7, 2024 20:47:46.882713079 CEST	443	60440	142.250.186.78	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 20:46:01.176422119 CEST	65241	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:01.176747084 CEST	55989	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:01.184545040 CEST	53	55989	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:01.184581995 CEST	53	65241	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:01.198060989 CEST	53	50787	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:01.221546888 CEST	53	59634	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:02.325747967 CEST	63996	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:02.325913906 CEST	54705	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:02.333398104 CEST	53	63996	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:02.334083080 CEST	53	54705	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:02.357863903 CEST	53	55575	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:05.584583044 CEST	65441	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:05.584728003 CEST	50380	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:05.604778051 CEST	53	65441	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:05.604821920 CEST	53	50380	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:07.669178963 CEST	53	55589	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:10.295494080 CEST	62172	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:10.295623064 CEST	58274	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:10.303683996 CEST	53	58274	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:10.305794001 CEST	53	62172	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:11.350646973 CEST	65114	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:11.351116896 CEST	52342	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:46:11.358124018 CEST	53	65114	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:11.360132933 CEST	53	52342	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:13.561408997 CEST	53	63994	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:19.129698992 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 20:46:19.328419924 CEST	53	56021	1.1.1.1	192.168.2.4
Oct 7, 2024 20:46:23.374214888 CEST	53	49363	1.1.1.1	192.168.2.4
Oct 7, 2024 20:47:00.845659018 CEST	53	50373	1.1.1.1	192.168.2.4
Oct 7, 2024 20:47:12.457091093 CEST	53	59261	1.1.1.1	192.168.2.4
Oct 7, 2024 20:47:14.165755987 CEST	64180	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:47:14.165877104 CEST	60743	53	192.168.2.4	1.1.1.1
Oct 7, 2024 20:47:14.173371077 CEST	53	60743	1.1.1.1	192.168.2.4
Oct 7, 2024 20:47:14.173810005 CEST	53	64180	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 20:46:01.176422119 CEST	192.168.2.4	1.1.1.1	0x3beb	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:01.176747084 CEST	192.168.2.4	1.1.1.1	0xb476	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 20:46:02.325747967 CEST	192.168.2.4	1.1.1.1	0xb226	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.325913906 CEST	192.168.2.4	1.1.1.1	0x1377	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 20:46:05.584583044 CEST	192.168.2.4	1.1.1.1	0x969c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:05.584728003 CEST	192.168.2.4	1.1.1.1	0xdba0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 20:46:10.295494080 CEST	192.168.2.4	1.1.1.1	0xc76a	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:10.295623064 CEST	192.168.2.4	1.1.1.1	0x64bc	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 20:46:11.350646973 CEST	192.168.2.4	1.1.1.1	0xa670	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:11.351116896 CEST	192.168.2.4	1.1.1.1	0xa227	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 20:47:14.165755987 CEST	192.168.2.4	1.1.1.1	0x5d0f	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:47:14.165877104 CEST	192.168.2.4	1.1.1.1	0x751d	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 20:46:01.184545040 CEST	1.1.1.1	192.168.2.4	0xb476	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 20:46:01.184581995 CEST	1.1.1.1	192.168.2.4	0x3beb	No error (0)	youtube.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.333398104 CEST	1.1.1.1	192.168.2.4	0xb226	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:02.334083080 CEST	1.1.1.1	192.168.2.4	0x1377	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 20:46:02.334083080 CEST	1.1.1.1	192.168.2.4	0x1377	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 20:46:05.604778051 CEST	1.1.1.1	192.168.2.4	0x969c	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:05.604821920 CEST	1.1.1.1	192.168.2.4	0xdba0	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 20:46:10.303683996 CEST	1.1.1.1	192.168.2.4	0x64bc	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 20:46:10.305794001 CEST	1.1.1.1	192.168.2.4	0xc76a	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 20:46:10.305794001 CEST	1.1.1.1	192.168.2.4	0xc76a	No error (0)	www3.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:46:11.358124018 CEST	1.1.1.1	192.168.2.4	0xa670	No error (0)	play.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 20:47:14.173810005 CEST	1.1.1.1	192.168.2.4	0x5d0f	No error (0)	play.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.youtube.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	142.250.185.174	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:02 UTC	902	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: YSC=S5HctmVlfJE
2024-10-07 18:46:03 UTC	2530	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 18:46:03 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 19:16:03 GMT; Path=/; Secure; HttpOnly Set-Cookie: VISITOR_INFO1_LIVE=DY3442Mulhw; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 18:46:03 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgDg%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 18:46:03 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49756	142.250.185.174	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:10 UTC	1224	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-560230264&timestamp=1728326769600 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 18:46:11 UTC	1967	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-bMI4HRwxe6w_AMFHfRtZuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 18:46:11 GMT Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmII1JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIm-PzjQk72AR-XN5hrKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGlkqWdgEV9gAADHAS2H" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 37 36 31 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 62 4d 49 34 48 52 77 78 65 36 77 5f 41 4d 46 48 66 52 74 5a 75 51 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7615<html><head><script nonce="bMI4HRwxe6w_AMFHfRtZuQ">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c Data Ascii: =/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 Data Ascii: {switch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b Data Ascii: ion(a){var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 0a 47 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f Data Ascii: G("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="functio
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 Data Ascii: th.random();e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);i
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 Data Ascii: ction(g){return g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="functi
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 Data Ascii: .isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Ma
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e Data Ascii: sure__error__context__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=fun
2024-10-07 18:46:11 UTC	1967	IN	Data Raw: 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b Data Ascii: tring":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49760	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:11 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 18:46:12 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:12 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49762	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:12 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 18:46:12 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:12 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49765	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:12 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 518 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 18:46:12 UTC	518	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 37 37 30 36 35 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326770653",null,null,null
2024-10-07 18:46:13 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=l6RhwBIEnQ0sdkLit3GV36k4WWPtKRXXI_zxtvmrJYfUl7HHRnOlDlNPSVQiUi3A5RIxxrsUl1voIWoa4Nd13AoC7YmntBUvy6vLYfAGPTzaq5_bWC1B4TSysCwDglrBVjSmkxBolXQq2q0i1aBcQEcuWWGSL4zdimp5AoCaJ8avbJkrpJU; expires=Tue, 08-Apr-2025 18:46:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 18:46:12 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:13 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49766	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:12 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 18:46:12 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 37 37 30 37 33 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326770735",null,null,null
2024-10-07 18:46:13 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=PNEHn0j6dWydLmDzUU064NX0LLpAsu24RYTiBxCpZFJw_nBLnlLoNb4uRqc0mo73zrmFeflDSpZua9G3l4BoBOnAQ6qtlc9lwUBa8bEFkLlJAf4UH_hlRgr8bWo_TpWUKwyj0bl8eITPxhfUvICXEjBdsoH_HQRw0rOb6AEoRz829aBCTuw; expires=Tue, 08-Apr-2025 18:46:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:13 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 18:46:13 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:13 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49741	142.250.185.132	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:13 UTC	1222	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=l6RhwBIEnQ0sdkLit3GV36k4WWPtKRXXI_zxtvmrJYfUl7HHRnOlDlNPSVQiUi3A5RIxxrsUl1voIWoa4Nd13AoC7YmntBUvy6vLYfAGPTzaq5_bWC1B4TSysCwDglrBVjSmkxBolXQq2q0i1aBcQEcuWWGSL4zdimp5AoCaJ8avbJkrpJU
2024-10-07 18:46:13 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 17:53:36 GMT Expires: Tue, 15 Oct 2024 17:53:36 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 3157 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 18:46:13 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 18:46:13 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 18:46:13 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 18:46:13 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 18:46:13 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49769	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hRm6SBNxBBMyyht&MD=xmKsWxeB HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 18:46:16 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 236ff8f2-8a15-4002-ae3f-c58b9c5621ca MS-RequestId: 23e4091b-3600-4d12-a789-626c9f492e21 MS-CV: VKyS9RRkOkmay6Gq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 18:46:15 GMT Connection: close Content-Length: 24490
2024-10-07 18:46:16 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 18:46:16 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49780	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:20 UTC	1307	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1221 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=PNEHn0j6dWydLmDzUU064NX0LLpAsu24RYTiBxCpZFJw_nBLnlLoNb4uRqc0mo73zrmFeflDSpZua9G3l4BoBOnAQ6qtlc9lwUBa8bEFkLlJAf4UH_hlRgr8bWo_TpWUKwyj0bl8eITPxhfUvICXEjBdsoH_HQRw0rOb6AEoRz829aBCTuw
2024-10-07 18:46:20 UTC	1221	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 32 36 37 36 38 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728326768000",null,null,null,
2024-10-07 18:46:20 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4; expires=Tue, 08-Apr-2025 18:46:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:20 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 18:46:20 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:20 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	60164	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:42 UTC	1298	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1066 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4
2024-10-07 18:46:42 UTC	1066	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 18:46:43 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:43 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:43 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	60166	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:44 UTC	1338	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1324 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4
2024-10-07 18:46:44 UTC	1324	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 38 30 33 30 32 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326803021",null,null,null
2024-10-07 18:46:44 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:44 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:44 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	60165	142.250.185.238	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:44 UTC	1338	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1235 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4
2024-10-07 18:46:44 UTC	1235	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 38 30 33 32 34 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326803240",null,null,null
2024-10-07 18:46:44 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:46:44 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:46:44 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:46:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	60167	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hRm6SBNxBBMyyht&MD=xmKsWxeB HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 18:46:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: d1fa4887-3803-442b-b2d0-c32bba31b849 MS-RequestId: d2c83022-7eff-4b1c-a43c-bf6c523b376e MS-CV: Rzv3R8H1/UKpvL2F.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 18:46:53 GMT Connection: close Content-Length: 30005
2024-10-07 18:46:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 18:46:54 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	60168	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:55 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:55 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:55 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 06 Oct 2024 16:59:23 GMT ETag: "0x8DCE6283A3FA58B" x-ms-request-id: 86eceaf5-401e-00a3-6fa2-188b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184655Z-1657d5bbd48t66tjar5xuq22r800000003v000000000fyrr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:55 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 18:46:55 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 18:46:55 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 18:46:56 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	60173	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:56 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:56 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 28f6fc08-301e-0020-466a-176299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184656Z-1657d5bbd482krtfgrg72dfbtn00000003gg00000000x1n9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:56 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	60171	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:56 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:56 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184656Z-1657d5bbd48dfrdj7px744zp8s00000003h000000000wc95 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:56 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	60169	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:56 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:56 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184656Z-1657d5bbd487nf59mzf5b3gk8n00000003d000000000vcsb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:56 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	60170	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:56 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:56 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184656Z-1657d5bbd48qjg85buwfdynm5w0000000410000000006669 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:56 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	60172	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:56 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:56 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184656Z-1657d5bbd4824mj9d6vp65b6n400000003zg00000000xguk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:56 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	60178	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:57 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:57 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184657Z-1657d5bbd48brl8we3nu8cxwgn000000049g00000000015a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:57 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	60175	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:57 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184657Z-1657d5bbd48xsz2nuzq4vfrzg800000003mg000000012xbk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	60176	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:57 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:57 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184657Z-1657d5bbd48jwrqbupe3ktsx9w000000044g000000006srs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:57 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	60174	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:57 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:57 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184657Z-1657d5bbd48xdq5dkwwugdpzr0000000041g000000016419 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:57 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	60177	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:57 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:57 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184657Z-1657d5bbd48dfrdj7px744zp8s00000003rg0000000008kw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:57 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	60180	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:58 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:58 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184658Z-1657d5bbd482lxwq1dp2t1zwkc00000003rg0000000002at x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:58 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	60179	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:58 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184658Z-1657d5bbd48t66tjar5xuq22r800000003rg00000000zm6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	60182	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:58 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184658Z-1657d5bbd48vlsxxpe15ac3q7n00000003w000000000cf4w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	60183	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:58 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184658Z-1657d5bbd482krtfgrg72dfbtn00000003mg00000000frd7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	60181	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:58 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184658Z-1657d5bbd48lknvp09v995n79000000003k0000000007xw7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	60185	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48dfrdj7px744zp8s00000003n000000000eyh0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	60186	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd482lxwq1dp2t1zwkc00000003m000000000nnu2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	60188	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd4824mj9d6vp65b6n4000000040g00000000s5gc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	60184	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48lknvp09v995n79000000003kg0000000054z2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	60187	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd482krtfgrg72dfbtn00000003qg0000000049u8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	60189	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48sqtlf1huhzuwq7000000003m000000000k41p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	60192	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48762wn1qw4s5sd3000000003r000000000k4xv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	60191	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 3c22684b-b01e-0084-63e7-18d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48gqrfwecymhhbfm800000002q000000000gksz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	60190	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:46:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48cpbzgkvtewk0wu00000000420000000001aka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:46:59 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	60193	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:46:59 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:46:59 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184659Z-1657d5bbd48xlwdx82gahegw4000000003z000000000yrz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	60194	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:00 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:00 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184700Z-1657d5bbd48762wn1qw4s5sd3000000003r000000000k4z4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	60196	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:00 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184700Z-1657d5bbd48cpbzgkvtewk0wu000000003x000000000rmvq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	60198	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:00 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:00 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184700Z-1657d5bbd48jwrqbupe3ktsx9w00000003y0000000014dhs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	60195	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:00 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184700Z-1657d5bbd48sqtlf1huhzuwq7000000003k000000000qa70 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	60197	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:00 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: ad400b52-801e-008f-58ac-182c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184700Z-1657d5bbd48hzllksrq1r6zsvs000000014g00000000a1s9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	60199	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:01 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:01 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184701Z-1657d5bbd48762wn1qw4s5sd3000000003q000000000rr63 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:01 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	60200	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:01 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:01 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184701Z-1657d5bbd487nf59mzf5b3gk8n00000003hg000000009b37 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:01 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	60203	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:01 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:01 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184701Z-1657d5bbd48dfrdj7px744zp8s00000003q0000000006qsp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:01 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	60201	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:01 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184701Z-1657d5bbd48sdh4cyzadbb374800000003m000000000zbpx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	60202	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:01 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: b8f8ddc8-601e-0001-115a-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184701Z-1657d5bbd48xsz2nuzq4vfrzg800000003n000000000z8ar x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	60205	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48762wn1qw4s5sd3000000003u00000000053uh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	60206	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd4824mj9d6vp65b6n4000000043000000000de1w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	60208	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 11b227e2-601e-0002-7f6b-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd482lxwq1dp2t1zwkc00000003ng00000000dh9z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	60207	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48jwrqbupe3ktsx9w00000003zg00000000yc5m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	60209	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b2c548d6-d01e-0082-4f03-17e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48qjg85buwfdynm5w00000003vg00000000xmt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	60211	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48sqtlf1huhzuwq7000000003n000000000cvgx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	60212	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5a5a1e5c-a01e-001e-18f5-1649ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48xsz2nuzq4vfrzg800000003t00000000090nf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	60210	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48wd55zet5pcra0cg00000003y0000000002wr0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	60213	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48gqrfwecymhhbfm800000002t00000000045kd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	60214	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:02 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:02 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184702Z-1657d5bbd48xlwdx82gahegw400000000440000000007s2u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:02 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	60215	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:03 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:03 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184703Z-1657d5bbd48vhs7r2p1ky7cs5w000000043000000000vsc5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:03 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	60216	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:03 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: cc92db4a-701e-0053-3460-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184703Z-1657d5bbd48gqrfwecymhhbfm800000002mg00000000v5uq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	60217	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:03 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:03 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184703Z-1657d5bbd48xlwdx82gahegw40000000041g00000000n0s9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:03 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	60218	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:03 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184703Z-1657d5bbd487nf59mzf5b3gk8n00000003d000000000vd32 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	60219	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:03 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:03 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184703Z-1657d5bbd482tlqpvyz9e93p5400000003vg00000000vq7y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:03 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	60220	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd4824mj9d6vp65b6n400000003zg00000000xhca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	60221	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: c367bd92-c01e-002b-14e8-186e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd48f7nlxc7n5fnfzh000000003mg000000001ryg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:04 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	60222	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd48vlsxxpe15ac3q7n00000003ug00000000m7wp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	60223	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:04 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 54bb7796-c01e-000b-02e9-18e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd48vhs7r2p1ky7cs5w0000000490000000001yt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-07 18:47:04 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	60224	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd487nf59mzf5b3gk8n00000003e000000000s1zq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:04 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	60225	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:04 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184704Z-1657d5bbd48f7nlxc7n5fnfzh000000003dg00000000wbau x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	60226	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:04 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48gqrfwecymhhbfm800000002mg00000000v5wu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	60227	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd482lxwq1dp2t1zwkc00000003ng00000000dhf7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	60228	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd482tlqpvyz9e93p5400000003vg00000000vqkx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	60229	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48cpbzgkvtewk0wu000000003y000000000hvhp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	60230	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48tqvfc1ysmtbdrg000000003p000000000udbs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	60231	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd482lxwq1dp2t1zwkc00000003m000000000np6s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	60232	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48sqtlf1huhzuwq7000000003qg0000000025p7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	60233	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48vlsxxpe15ac3q7n00000003s000000000x3a7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	60234	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:05 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:05 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184705Z-1657d5bbd48jwrqbupe3ktsx9w000000045g0000000023bs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:05 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	60236	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:06 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:06 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184706Z-1657d5bbd48sdh4cyzadbb374800000003t0000000006wt4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:06 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	60237	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:06 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:06 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184706Z-1657d5bbd487nf59mzf5b3gk8n00000003c000000001057v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:06 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	60238	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:06 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184706Z-1657d5bbd48t66tjar5xuq22r800000003vg00000000e5mv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	60239	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:06 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184706Z-1657d5bbd482tlqpvyz9e93p5400000003vg00000000vqsq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	60240	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:06 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184706Z-1657d5bbd487nf59mzf5b3gk8n00000003d000000000vd76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:06 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	60242	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd482krtfgrg72dfbtn00000003n000000000f1fb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	60241	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd48dfrdj7px744zp8s00000003p000000000b517 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	60243	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd48qjg85buwfdynm5w00000003w000000000vvy9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:07 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	60244	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd48vlsxxpe15ac3q7n00000003z000000000060c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:07 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	60245	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd48jwrqbupe3ktsx9w000000040000000000vys0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:07 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	60246	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:07 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:07 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184707Z-1657d5bbd48q6t9vvmrkd293mg00000003w000000000bfze x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	60247	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48jwrqbupe3ktsx9w0000000440000000008u1k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	60248	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48brl8we3nu8cxwgn000000046g00000000cr06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	60249	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48xdq5dkwwugdpzr0000000047g00000000953y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	60250	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48wd55zet5pcra0cg00000003ug00000000hz9d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	60251	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd487nf59mzf5b3gk8n00000003hg000000009bsf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	60253	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48sqtlf1huhzuwq7000000003h000000000tv3h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	60252	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:08 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:08 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184708Z-1657d5bbd48wd55zet5pcra0cg00000003w000000000ba7b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:08 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	60254	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd482lxwq1dp2t1zwkc00000003m000000000npef x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	60255	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd48xdq5dkwwugdpzr0000000046g00000000deyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	60256	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd48xdq5dkwwugdpzr0000000042g000000010tk0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	60258	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd48gqrfwecymhhbfm800000002pg00000000kkt1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	60257	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd48gqrfwecymhhbfm800000002pg00000000kkt2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	60259	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd482krtfgrg72dfbtn00000003m000000000hrbr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	60260	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:09 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:09 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184709Z-1657d5bbd4824mj9d6vp65b6n400000003zg00000000xht8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:09 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	60262	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:10 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:10 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184710Z-1657d5bbd48gqrfwecymhhbfm800000002pg00000000kku4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:10 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	60261	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:10 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:10 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184710Z-1657d5bbd48xlwdx82gahegw4000000003zg00000000w9xd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:10 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	60265	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:10 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:10 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184710Z-1657d5bbd48f7nlxc7n5fnfzh000000003f000000000q19k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:10 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	60263	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:10 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:10 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184710Z-1657d5bbd48sdh4cyzadbb374800000003t0000000006x2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:10 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	60264	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:10 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:10 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6bee43b5-001e-00a2-2106-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184710Z-1657d5bbd48cpbzgkvtewk0wu000000003x000000000rnh7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:10 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	60267	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd48cpbzgkvtewk0wu0000000041g000000003kqk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:11 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	60266	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd48sqtlf1huhzuwq7000000003h000000000tv9e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:11 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	60268	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd487nf59mzf5b3gk8n00000003c00000000105kh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:11 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	60270	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd48jwrqbupe3ktsx9w000000043g00000000bmhn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:11 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	60269	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: e8bf9cf6-101e-007a-0bac-18047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd48hzllksrq1r6zsvs000000013g00000000dtv4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:11 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	60272	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:11 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:11 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184711Z-1657d5bbd48tnj6wmberkg2xy800000003wg00000000su9p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	60273	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd482krtfgrg72dfbtn00000003p0000000009y9x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	60274	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48dfrdj7px744zp8s00000003m000000000m3bz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	60275	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48jwrqbupe3ktsx9w00000003z00000000104vu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	60276	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48762wn1qw4s5sd3000000003tg0000000079g9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	60277	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48dfrdj7px744zp8s00000003qg000000004by1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	60278	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4d5cca78-701e-0021-6ae5-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48sdh4cyzadbb374800000003q000000000kvkm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	60279	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:12 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:12 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184712Z-1657d5bbd48xsz2nuzq4vfrzg800000003pg00000000scq7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:12 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	60281	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:13 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:13 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184713Z-1657d5bbd48f7nlxc7n5fnfzh000000003hg00000000a7sx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:13 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	60282	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:13 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:13 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184713Z-1657d5bbd48qjg85buwfdynm5w000000040000000000afxm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:13 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	60283	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:13 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184713Z-1657d5bbd48vlsxxpe15ac3q7n00000003y0000000004929 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:13 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	60284	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:13 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184713Z-1657d5bbd48cpbzgkvtewk0wu000000003v000000000yv12 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	60271	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184714Z-1657d5bbd48brl8we3nu8cxwgn000000042g00000000yww6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	60286	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:14 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184714Z-1657d5bbd48wd55zet5pcra0cg00000003wg000000009tf7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:14 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	60287	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184714Z-1657d5bbd48wd55zet5pcra0cg00000003vg00000000cy1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	60288	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 4833e4a9-401e-0047-05a5-188597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184714Z-1657d5bbd48hzllksrq1r6zsvs000000016g000000001sy3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	60285	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:14 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184714Z-1657d5bbd48brl8we3nu8cxwgn0000000480000000006hes x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:14 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	60289	142.250.186.78	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	1338	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1516 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4
2024-10-07 18:47:14 UTC	1516	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 38 33 33 34 38 39 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326833489",null,null,null
2024-10-07 18:47:15 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:47:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:47:15 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:47:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	60290	142.250.186.78	443	7220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:14 UTC	1338	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1454 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cBIDocdZDNKtPWSh2XYxgbf-oOo05p2etVhWD-mvq5xn653c3R21cEDtaW3wGSphNxDDT5tLi29Ps0aTAV2vWFuHZcBL0O_-okpi4Z4ixgo0dmmSMLM1oJocNgOv21xb3Jkg23M44sfxag3tG6TmJpDnzevg34QD9GsWFWIUoLBpuFi2UXEexsaZ7P4
2024-10-07 18:47:14 UTC	1454	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 32 36 38 33 33 35 30 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728326833505",null,null,null
2024-10-07 18:47:15 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 18:47:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 18:47:15 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 18:47:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	60291	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48sdh4cyzadbb374800000003tg000000004s1n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	60292	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48sqtlf1huhzuwq7000000003n000000000cwev x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	60293	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd4824mj9d6vp65b6n400000003yg0000000135cv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	60294	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48cpbzgkvtewk0wu000000003v000000000yv3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	60295	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 5b9c68d2-a01e-0053-7fac-188603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48hzllksrq1r6zsvs000000014000000000bv66 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	60296	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48vhs7r2p1ky7cs5w0000000490000000001zfs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	60297	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48t66tjar5xuq22r800000003v000000000fzyf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	60298	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd487nf59mzf5b3gk8n00000003d000000000vdsu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	60299	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48cpbzgkvtewk0wu000000003w000000000vk5t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	60300	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:15 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:15 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184715Z-1657d5bbd48f7nlxc7n5fnfzh000000003gg00000000evwu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:15 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	60301	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:16 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:16 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184716Z-1657d5bbd48sdh4cyzadbb374800000003n000000000ukrd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:16 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	60302	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:16 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:16 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184716Z-1657d5bbd487nf59mzf5b3gk8n00000003mg000000001s9b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:16 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	60304	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:16 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:16 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184716Z-1657d5bbd48tnj6wmberkg2xy800000003zg00000000bmt1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:16 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	60303	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:16 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:16 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184716Z-1657d5bbd487nf59mzf5b3gk8n00000003m0000000003sv4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:16 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	60305	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:16 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:16 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184716Z-1657d5bbd48tqvfc1ysmtbdrg000000003tg000000006wyk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:16 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	60306	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:17 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:17 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: c55b1dc3-701e-0097-42e9-16b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184717Z-1657d5bbd48cpbzgkvtewk0wu00000000420000000001c0c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:17 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	60307	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 18:47:17 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 18:47:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 18:47:17 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T184717Z-1657d5bbd48jwrqbupe3ktsx9w00000003y0000000014f20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 18:47:17 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Target ID:	0
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa80000
File size:	919'040 bytes
MD5 hash:	E5DEE324E4D2C335DC57F68AB1230B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x280000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x280000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x280000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x280000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:45:57
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:45:58
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x280000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:45:58
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	14:45:59
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	14:45:59
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	14:46:10
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	14:46:10
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=2008,i,16001963965146608376,17466102332235184443,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.6%
Total number of Nodes:	1607
Total number of Limit Nodes:	52

Executed Functions

Function 00A842DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00A8430D

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

GetCurrentProcess.KERNEL32(?,00B1CB64,00000000,?,?), ref: 00A84422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00A84429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A84454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A84466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00A84474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00A8447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00A844A0

Strings

|O, xrefs: 00AC36F8
kernel32.dll, xrefs: 00A8444F
GetNativeSystemInfo, xrefs: 00A84460

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
Instruction ID: a12c3e87b76067585a16437cf56908e7bcbcdc7b61620875501a7d32c3e0d904
Opcode Fuzzy Hash: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
Instruction Fuzzy Hash: B1A1A17294A3C0FFDB11D76DBC657957FE46F3A346B088CEDD08197A22DA204908CB29

Function 00A842A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842C9
LoadResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35BE
SizeofResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35D3
LockResource.KERNEL32(00A850AA,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20,?), ref: 00AC35E6

Strings

SCRIPT, xrefs: 00A842BF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
Instruction ID: 0fcefbf236babf106bca2f7f340c77b995cc1ead9adf08d4614e01a0338017dd
Opcode Fuzzy Hash: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
Instruction Fuzzy Hash: 20117C75244705BFDB219B65DC48FA77FB9EBC9B55F208169B402D7260EB71D8008A60

Function 00AC2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B

Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00B42224), ref: 00AC2C10
ShellExecuteW.SHELL32(00000000,?,?,00B42224), ref: 00AC2C17

Strings

runas, xrefs: 00AC2C0B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
Instruction ID: 77275fc940becdd42289214fbc3637cd40777a5e6ff395e1c817d7f5a335feca
Opcode Fuzzy Hash: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
Instruction Fuzzy Hash: 3A11E6322083016ACB15FF64DA56FBEBBE8EF91741F44186DF082571A3CF218A4AD712

Function 00B0A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00B0A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00B0A6BA

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Process32NextW.KERNEL32(00000000,?), ref: 00B0A79C
CloseHandle.KERNELBASE(00000000), ref: 00B0A7AB

Part of subcall function 00A9CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00AC3303,?), ref: 00A9CE8A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 10a3e29da5ae1bce2563e0b29a255e17831756b8a23412446628a7f18873b4cf
Instruction ID: a30ba309ec37bd2a02fdbf6a6e8c1c2587d784fffce5796201de96cceb5c06c3
Opcode Fuzzy Hash: 10a3e29da5ae1bce2563e0b29a255e17831756b8a23412446628a7f18873b4cf
Instruction Fuzzy Hash: D6518B71508311AFD710EF24C986E6BBBE8FF89754F00892DF589A7291EB30D904CB92

Function 00AEDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00AC5222), ref: 00AEDBCE
GetFileAttributesW.KERNELBASE(?), ref: 00AEDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00AEDBEE
FindClose.KERNEL32(00000000), ref: 00AEDBFA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
Instruction ID: 9f457b526094b801aab967788bd205d82f2437ab4edaf51a0ff85d90e04e75c6
Opcode Fuzzy Hash: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
Instruction Fuzzy Hash: 4FF0E5308509106782206F7CAC0D8EA3B7C9E81374BA08702F836C30F0EFB05D64C6D6

Function 00AA4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D09
TerminateProcess.KERNEL32(00000000,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D10
ExitProcess.KERNEL32 ref: 00AA4D22

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
Instruction ID: 9ea91281e2ee7e79e986bade2b91d73a2fe7e39e4072a9294b2e9e5b09409ae9
Opcode Fuzzy Hash: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
Instruction Fuzzy Hash: A9E0B631040148AFCF11AF54EE09A997F69EB86785B508014FD159B162DB75DE52CA84

Function 00B0AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00B0B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1D4
_wcslen.LIBCMT ref: 00B0B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B236
_wcslen.LIBCMT ref: 00B0B332

Part of subcall function 00AF05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6

_wcslen.LIBCMT ref: 00B0B34B
_wcslen.LIBCMT ref: 00B0B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B0B3B6
GetLastError.KERNEL32(00000000), ref: 00B0B407
CloseHandle.KERNEL32(?), ref: 00B0B439
CloseHandle.KERNEL32(00000000), ref: 00B0B44A
CloseHandle.KERNEL32(00000000), ref: 00B0B45C
CloseHandle.KERNEL32(00000000), ref: 00B0B46E
CloseHandle.KERNEL32(?), ref: 00B0B4E3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: f6ee22210271c750b447b19beaf690783350f04728bf3bb5ee4e7a8dcc6e8adb
Instruction ID: 84a75d669de812250ced9dbcf58219384ea78f269fd4cb75ddc08877523f732b
Opcode Fuzzy Hash: f6ee22210271c750b447b19beaf690783350f04728bf3bb5ee4e7a8dcc6e8adb
Instruction Fuzzy Hash: 8DF179316082409FCB14EF24C991F6EBBE5EF85714F18859DF8969B2A2DB31EC40CB52

Function 00A8D730 Relevance: 21.6, APIs: 14, Instructions: 618windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A8D807
timeGetTime.WINMM ref: 00A8DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB28
TranslateMessage.USER32(?), ref: 00A8DB7B
DispatchMessageW.USER32(?), ref: 00A8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB9F
Sleep.KERNELBASE(0000000A), ref: 00A8DBB1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 890643970abd7c11746e7b1c53e7324004852c0682a119b7a7b60b216e69d3fe
Instruction ID: 9285d1ac9cbe51205aec4b9fd44bb01f8637e5279b84b84cc65359ee4cfe942d
Opcode Fuzzy Hash: 890643970abd7c11746e7b1c53e7324004852c0682a119b7a7b60b216e69d3fe
Instruction Fuzzy Hash: 5A42B070608341EFDB28EF24C844BAABBF1BF95314F54895AE496873D1DB71E844CB92

Function 00A82CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A82D07
RegisterClassExW.USER32(00000030), ref: 00A82D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
LoadIconW.USER32(000000A9), ref: 00A82D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94

Strings

AutoIt v3 GUI, xrefs: 00A82D23
0, xrefs: 00A82CE9
+, xrefs: 00A82CF0
TaskbarCreated, xrefs: 00A82D37

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 504febea6c5a04ef5edd32c8cd47d249444efe217b8ebf30bea1df15f7552814
Instruction ID: d8e38f2812a2ba2a49bfd77f8378c0f3c9fcca840cbabab9049218e78158254c
Opcode Fuzzy Hash: 504febea6c5a04ef5edd32c8cd47d249444efe217b8ebf30bea1df15f7552814
Instruction Fuzzy Hash: 6D21E2B5941308AFDB01DFA8EC49BDDBFB8FB08701F00855AE511A72A0DBB14A408F94

Function 00AC065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AC039A: CreateFileW.KERNELBASE(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7

GetLastError.KERNEL32 ref: 00AC076F
__dosmaperr.LIBCMT ref: 00AC0776
GetFileType.KERNELBASE(00000000), ref: 00AC0782
GetLastError.KERNEL32 ref: 00AC078C
__dosmaperr.LIBCMT ref: 00AC0795
CloseHandle.KERNEL32(00000000), ref: 00AC07B5
CloseHandle.KERNEL32(?), ref: 00AC08FF
GetLastError.KERNEL32 ref: 00AC0931
__dosmaperr.LIBCMT ref: 00AC0938

Strings

H, xrefs: 00AC08BD

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 44da0d9f7eb6bddf88f4bd1263be9cf9bee0ff5170a668ded8b81303be7eb903
Instruction ID: 6e6d6cee9604562667a8f03f2b8962965b9ab54e18f9f9ebf7e6893b9190babe
Opcode Fuzzy Hash: 44da0d9f7eb6bddf88f4bd1263be9cf9bee0ff5170a668ded8b81303be7eb903
Instruction Fuzzy Hash: 4CA11332A14608CFDF19AF68D851FAE7BA0AB0A320F15415DF815AF3D2DB359D12CB91

Function 00A8344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78

Part of subcall function 00A83357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A83379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A8356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AC318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AC31CE
RegCloseKey.ADVAPI32(?), ref: 00AC3210
_wcslen.LIBCMT ref: 00AC3277
_wcslen.LIBCMT ref: 00AC3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00A83560
\Include\, xrefs: 00A83527
\, xrefs: 00AC328C
Include, xrefs: 00AC3184, 00AC31C5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: cc0c802768701c5d65345e827cc0ca57c7ffb359a9dec6f15e0afc8dffc8ce15
Instruction ID: 4171e989bc7f7dde88da8843430b5b2870a5c10daa931c9bf056b65294f3a303
Opcode Fuzzy Hash: cc0c802768701c5d65345e827cc0ca57c7ffb359a9dec6f15e0afc8dffc8ce15
Instruction Fuzzy Hash: CF71C0724093019ED704EF65DD82EABBBE8FF9A740F80446EF545931B0EB309A48CB56

Function 00A82B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A82B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00A82B9D
LoadIconW.USER32(00000063), ref: 00A82BB3
LoadIconW.USER32(000000A4), ref: 00A82BC5
LoadIconW.USER32(000000A2), ref: 00A82BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A82BEF
RegisterClassExW.USER32(?), ref: 00A82C40

Part of subcall function 00A82CD4: GetSysColorBrush.USER32(0000000F), ref: 00A82D07
Part of subcall function 00A82CD4: RegisterClassExW.USER32(00000030), ref: 00A82D31
Part of subcall function 00A82CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
Part of subcall function 00A82CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
Part of subcall function 00A82CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
Part of subcall function 00A82CD4: LoadIconW.USER32(000000A9), ref: 00A82D85
Part of subcall function 00A82CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94

Strings

0, xrefs: 00A82C0F
AutoIt v3, xrefs: 00A82C2F
#, xrefs: 00A82C16

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: d7f64807fe60971398ed0aba6b74f68be2dc469206431c2d37ca88c87158b472
Instruction ID: 54526442a090729edbbcc61b396d3b91548e50ad8275af774ee989adf1f81d2f
Opcode Fuzzy Hash: d7f64807fe60971398ed0aba6b74f68be2dc469206431c2d37ca88c87158b472
Instruction Fuzzy Hash: C4212C75E40314BBDB10DFA9EC65BA97FB4FB48B51F00459AE500A76A0DBB14940CF98

Function 00A83170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A8316A,?,?), ref: 00A831D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00A8316A,?,?), ref: 00A83204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A83227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A8316A,?,?), ref: 00A83232
CreatePopupMenu.USER32 ref: 00A83246
PostQuitMessage.USER32(00000000), ref: 00A83267

Strings

TaskbarCreated, xrefs: 00A8322D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 33c18494d445df9e494200de268b79de4644cb3adba58965af3a9432c1f5a6d0
Instruction ID: 9b0149b6478a09dd753a8d20c413d155d5059194fc730feed1608fcc10f2b3bf
Opcode Fuzzy Hash: 33c18494d445df9e494200de268b79de4644cb3adba58965af3a9432c1f5a6d0
Instruction Fuzzy Hash: 6E412533240204AADF157F7C9D1DBBD3E69EB15F01F0446A9FA02872E1EFA19E418B61

Function 00A81410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A81459
CoUninitialize.COMBASE ref: 00A814F8
UnregisterHotKey.USER32(?), ref: 00A816DD
DestroyWindow.USER32(?), ref: 00AC24B9
FreeLibrary.KERNEL32(?), ref: 00AC251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AC254B

Strings

close all, xrefs: 00A81454

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 593a195a3d20d6b21ca1551737bf371e3edd437c4265033e1de230956af78058
Instruction ID: 42f2b75d863bb9aefb37cdfdd6617b3fd0d6a239fd7d1a5c799e6a494b5c37f7
Opcode Fuzzy Hash: 593a195a3d20d6b21ca1551737bf371e3edd437c4265033e1de230956af78058
Instruction Fuzzy Hash: 5AD147317012128FDB29EF15CA99F69F7A4BF05700F2542ADE44AAB261DB30AD13CF91

Function 00A82C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A82C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A82CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CCF

Strings

AutoIt v3, xrefs: 00A82C89, 00A82C8E, 00A82C8F
edit, xrefs: 00A82CAC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
Instruction ID: 8528698cb382afb30aa0f3d6e6dbde41c8832322707d82442e96f1870251e032
Opcode Fuzzy Hash: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
Instruction Fuzzy Hash: 68F03A755803907AEB310B1BAC18FB72EBDD7C6F61F01449AF900A31B0CA610840DAB8

Function 00A83B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B83

Strings

Control Panel\Mouse, xrefs: 00A83B3E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
Instruction ID: 361b2ea40ddbd2c0bdd26b0bea4f9cfc8d8bbc5217ac4b3ea8ac4c131837ca48
Opcode Fuzzy Hash: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
Instruction Fuzzy Hash: AE112AB6510208FFDF21DFA5DC48AEEBBB8EF04B84B108459A806D7110E6719F409760

Function 00A83923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AC33A2

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A83A04

Strings

Line: , xrefs: 00AC33EB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
Instruction ID: 1d9184d3b820dbe5e820ba810f4b5c3302222c4d65204b057a2426f1375e4262
Opcode Fuzzy Hash: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
Instruction Fuzzy Hash: 5D31CF72408300AADB25FB24DC55BEBB7E8AB40B10F00496EF59A97191EF709A49C7C6

Function 00A9FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668

Part of subcall function 00AA32A4: RaiseException.KERNEL32(?,?,?,00AA068A,?,00B51444,?,?,?,?,?,?,00AA068A,00A81129,00B48738,00A81129), ref: 00AA3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685

Strings

Unknown exception, xrefs: 00AA0692

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 93edff4ff68ed023ac4d40cc470c8119a5dfb0171573453d8d2dd44b848fca07
Instruction ID: 6c6003fee8d07ef2c1664903574ff9d568f2106e6c024a855b707f42aacf11cf
Opcode Fuzzy Hash: 93edff4ff68ed023ac4d40cc470c8119a5dfb0171573453d8d2dd44b848fca07
Instruction Fuzzy Hash: 56F0C234A0020D7B8F00B7A4D946DAE77AC5E42358B604171B814D75E1EFB1EB69C5C0

Function 00A810F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22

Part of subcall function 00A81B4A: RegisterWindowMessageW.USER32(00000004,?,00A812C4), ref: 00A81BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A8136A
OleInitialize.OLE32 ref: 00A81388
CloseHandle.KERNEL32(00000000,00000000), ref: 00AC24AB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
Instruction ID: 0c6c20a70c9c906960dedff233462016d040db3903a9d540716ea9b5d35e0570
Opcode Fuzzy Hash: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
Instruction Fuzzy Hash: 9C71B6B59023008ED785EF7DBA457A53AE4BBA83867548EEAD41AC7361FF304885CF50

Function 00AEC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A83A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AEC259
KillTimer.USER32(?,00000001,?,?), ref: 00AEC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AEC270

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: de86bf545dfab11a608d1b97e1cea2f833eb61513923be0e1f050f0ff208a1b3
Instruction ID: ce7f237684f6463f448543216748aec29aa9c1d8523436476f6d771ece699384
Opcode Fuzzy Hash: de86bf545dfab11a608d1b97e1cea2f833eb61513923be0e1f050f0ff208a1b3
Instruction Fuzzy Hash: 3031D570904384AFEB32AF758855BEBBBFC9F06314F00449EE2DA97241C7745A86CB51

Function 00AB86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB8704
GetLastError.KERNEL32(?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB870E
__dosmaperr.LIBCMT ref: 00AB8739

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
Instruction ID: b62a99bbf24d58527a8fe573d6f09779fcaad0f927a05f5d1d45a97ae0688036
Opcode Fuzzy Hash: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
Instruction Fuzzy Hash: 6A014E32A0572026D664733CA9557FE6B9D4B92778F390159F8148F1D3DEB8CC81D150

Function 00A8DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00A8DB7B
DispatchMessageW.USER32(?), ref: 00A8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB9F
Sleep.KERNELBASE(0000000A), ref: 00A8DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00AD1CC9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 532381368b20759fbc6d05a6ec66bc7410ac4042e9b18cb7237c19efa933bfb5
Instruction ID: 2d122ac9e5dd2bba04406a4d8872e69f75ce5623849c35a9d8c58cdbb2af5f10
Opcode Fuzzy Hash: 532381368b20759fbc6d05a6ec66bc7410ac4042e9b18cb7237c19efa933bfb5
Instruction Fuzzy Hash: 7BF05E306443409BEB30DB608C49FEA77A9EB45311F508919E65A830C0DF7098488B25

Function 00A91310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A917F6

Strings

CALL, xrefs: 00A917C6

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: dd4f2387a0c9f1ce16071171fa6fa5d86e4f73d57170a840802c653863cffacb
Instruction ID: 4debb884a98a4e51ae94e70994ae7b005391f74b850ff663eeddb282c6023a84
Opcode Fuzzy Hash: dd4f2387a0c9f1ce16071171fa6fa5d86e4f73d57170a840802c653863cffacb
Instruction Fuzzy Hash: 6C228BB46083029FCB14DF14C584B2ABBF1BF89314F29895DF5968B3A2D731E945CB92

Function 00A82DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00AC2C8C

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00A82DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A82DC4

Strings

X, xrefs: 00AC2C5A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
Instruction ID: 58a730e53c2986fa6dacd10e5caa5d173b8820fdceba1fdf916e44cbb634ab3f
Opcode Fuzzy Hash: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
Instruction Fuzzy Hash: F021B771A002589FDF01EF94C949BEE7BFCAF49715F008059E405B7241DBB45A898FA1

Function 00A83837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 5f51b6139bddc1288164ebce9e8d5268362626f8cfd22a46c5f1e999caa8f299
Instruction ID: d3945723bd1b4a6c517635ae33e366bb7befa1b8834c6eb82645ef614a0ee4bb
Opcode Fuzzy Hash: 5f51b6139bddc1288164ebce9e8d5268362626f8cfd22a46c5f1e999caa8f299
Instruction Fuzzy Hash: DE3193715043019FDB20EF24D894797BBE4FB49709F00096EF59987250EB71AA44CB52

Function 00A9F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A9F661

Part of subcall function 00A8D730: GetInputState.USER32 ref: 00A8D807

Sleep.KERNEL32(00000000), ref: 00ADF2DE

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 1252358bc7003941cf336eab2a456d0f6e38ebdde1d2ad200ff403fd39da929f
Instruction ID: 25ab10f43cad830e668693b51d421d2dc2a17f265661ef3880d331c36ea51415
Opcode Fuzzy Hash: 1252358bc7003941cf336eab2a456d0f6e38ebdde1d2ad200ff403fd39da929f
Instruction Fuzzy Hash: 7BF082712803059FD314FF65D545B9ABBE4EF45760F004029E85AC73A1DB70A800CB90

Function 00A8B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A8BB4E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 85f7d678ea5678c9868280b80a993fc580baeb6a71313f14d573fb1485649781
Instruction ID: 67d1596d4480087d191de2c349764e16a96255bdd43d0a00e6f755b58ba38a9a
Opcode Fuzzy Hash: 85f7d678ea5678c9868280b80a993fc580baeb6a71313f14d573fb1485649781
Instruction Fuzzy Hash: F832AB34A002099FDB24EF54C894FBEB7B9EF45340F18809AE916AB361D774ED41CBA1

Function 00A84ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A84E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
Part of subcall function 00A84E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
Part of subcall function 00A84E90: FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EFD

Part of subcall function 00A84E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
Part of subcall function 00A84E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
Part of subcall function 00A84E59: FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
Instruction ID: 5a8df62306b267249aa0ab9d9c43d4dfddee8159d0fe6ccf55c420d43da0ca0c
Opcode Fuzzy Hash: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
Instruction Fuzzy Hash: 8B11E332600206AACF14FF70DE02FED77A5AF48B14F20842EF642A61D1EE709E459B90

Function 00AB8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00AB8440

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
Instruction ID: 2c065155f934ae03b318901469a2de5f674d7456fcb1080a86ed429e3a6202e1
Opcode Fuzzy Hash: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
Instruction Fuzzy Hash: 9B11187590420AAFCF05DF58E941ADA7BF9EF48314F114199FC08AB312DA31DA11CBA5

Function 00B129BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00B114B5,?), ref: 00B12A01

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 1203ff758a2badfeb36dd41635d1bf5c760bae75d7f83d4c70129d931961ae8f
Instruction ID: 67aa28cc21d77dd34d6e614707fad01c9280eb3fe801809fc021c91efc2c38d5
Opcode Fuzzy Hash: 1203ff758a2badfeb36dd41635d1bf5c760bae75d7f83d4c70129d931961ae8f
Instruction Fuzzy Hash: EF019E36350A419FD3258B6CC494BA23BD2EF85354FA984A8C0478B251DB32EC92C7A0

Function 00AAE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 5c720be89bbabe7fa1cdbdf1bbe034fe030e169de2f175af08e4c741acb0de7d
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 3DF0F432511A10AAD6317B698E05B9A739C9F53330F100F1AF425931D3DB74D80586A5

Function 00AB3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
Instruction ID: 3fce964ddd8493587830abb293876afe77533f575295570838016d861941c32e
Opcode Fuzzy Hash: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
Instruction Fuzzy Hash: AEE0A0331423246ADE212BFA9D00BDA365CAB827B0F160021BC04934D2DB509D0181E2

Function 00A84F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84F6D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
Instruction ID: 0ca0cee64526943acd640547917ef84d0493d2687fead791ffe23d9f852ed2fa
Opcode Fuzzy Hash: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
Instruction Fuzzy Hash: 58F03971105752CFDB34AF64D590822BBF4BF187293258A7EE2EA83621CB319C44DF10

Function 00B12A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00B12A66

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 02e25c0b6ad95ae7cafde8bcd6894ed507e6e6b1cf8d69f1dad70af69c22664f
Instruction ID: 743c129c650ea516b4bbc2e4c7f69103f9dea92e33dd7f6cae489d60006be3c5
Opcode Fuzzy Hash: 02e25c0b6ad95ae7cafde8bcd6894ed507e6e6b1cf8d69f1dad70af69c22664f
Instruction Fuzzy Hash: 4CE04F363A011AAACB14EB31DCC48FA779CEF55395750457ABC16C3100DB30A9A586A0

Function 00A830F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
Instruction ID: fc0d8fa4b39032ca15a5b506a5978329eea1e987c8e48436dda56af65649558c
Opcode Fuzzy Hash: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
Instruction Fuzzy Hash: D5F03070914318AFEB529B28DC4A7DA7BBCAB01708F0005E9A68897292DB745B89CF55

Function 00A82DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A82DC4

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: ea94aa46a1f3da6d77362688306c5342cfe30d907f9202d6fb3661b0534c8ecc
Instruction ID: dc883996c23a11785ed340b6d548cef69ecc23eeec340073b971e92afbb7fd81
Opcode Fuzzy Hash: ea94aa46a1f3da6d77362688306c5342cfe30d907f9202d6fb3661b0534c8ecc
Instruction Fuzzy Hash: 2EE0C272A002245BCB20A6989C0AFEA77EDDFC8794F0540B6FD09E7248DA70ED808690

Function 00A82B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A83837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908

Part of subcall function 00A8D730: GetInputState.USER32 ref: 00A8D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B

Part of subcall function 00A830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 1965a6841f35da200d937a17d9fcf6a2b4bb73988a08b83b65120c3855cc7259
Instruction ID: ee4ed1403ae1cbdda77576167731a2d719a7774724a9e0a37059b7efbeec7c09
Opcode Fuzzy Hash: 1965a6841f35da200d937a17d9fcf6a2b4bb73988a08b83b65120c3855cc7259
Instruction Fuzzy Hash: B2E0863370424406CE04BB74AA566BDA7599BD1756F40197EF542472A2CE2449494752

Function 00AC039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b776737d84c988da700726b8a564ee3827695a029b094eb2d6f945b055fef015
Instruction ID: b8d9eef3d3a76fbbd67537f88c4555b729ddf64e3224afe741e551ec1f067939
Opcode Fuzzy Hash: b776737d84c988da700726b8a564ee3827695a029b094eb2d6f945b055fef015
Instruction Fuzzy Hash: FFD06C3208010DBBDF028F84DD06EDA3FAAFB48714F018000BE18A6020C732E831AB90

Function 00A81CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A81CBC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 4f2b0f2ea3f7cef68d2ae65e25af08b6b3f84da139c69aeafe108f947fabd59c
Instruction ID: 896f58e01bf12f7d65285ee406927c5d629dfadd85666f3ef4bce10debaf113c
Opcode Fuzzy Hash: 4f2b0f2ea3f7cef68d2ae65e25af08b6b3f84da139c69aeafe108f947fabd59c
Instruction Fuzzy Hash: 79C092362C1304AFF2158B84BC5BF507B65A368B02F448841FA09AB5F3DBA22820EA54

Non-executed Functions

Function 00B19576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B1961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B1965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B1969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B196C9
SendMessageW.USER32 ref: 00B196F2
GetKeyState.USER32(00000011), ref: 00B1978B
GetKeyState.USER32(00000009), ref: 00B19798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B197AE
GetKeyState.USER32(00000010), ref: 00B197B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B197E9
SendMessageW.USER32 ref: 00B19810
SendMessageW.USER32(?,00001030,?,00B17E95), ref: 00B19918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B1992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B19941
SetCapture.USER32(?), ref: 00B1994A
ClientToScreen.USER32(?,?), ref: 00B199AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B199BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B199D6
ReleaseCapture.USER32 ref: 00B199E1
GetCursorPos.USER32(?), ref: 00B19A19
ScreenToClient.USER32(?,?), ref: 00B19A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19A80
SendMessageW.USER32 ref: 00B19AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19AEB
SendMessageW.USER32 ref: 00B19B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B19B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B19B4A
GetCursorPos.USER32(?), ref: 00B19B68
ScreenToClient.USER32(?,?), ref: 00B19B75
GetParent.USER32(?), ref: 00B19B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19BFA
SendMessageW.USER32 ref: 00B19C2B
ClientToScreen.USER32(?,?), ref: 00B19C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B19CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19CDE
SendMessageW.USER32 ref: 00B19D01
ClientToScreen.USER32(?,?), ref: 00B19D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B19D82

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

GetWindowLongW.USER32(?,000000F0), ref: 00B19E05

Strings

@GUI_DRAGID, xrefs: 00B1997D
F, xrefs: 00B19D07

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 3866d577d0f1ff954937800a6b954fd7da64b38b6ab993bae16e650ad8da3f46
Instruction ID: f75a0bb681a6c8f04a267088a8e453b4697d732d0f7b81e759a8ffa1cd1e6a82
Opcode Fuzzy Hash: 3866d577d0f1ff954937800a6b954fd7da64b38b6ab993bae16e650ad8da3f46
Instruction Fuzzy Hash: A9428F71204281EFD724CF28CC54BEABBE5FF89310F544AA9F595872A1DB319C94CB51

Function 00B14873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B148F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B14908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B14927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B1494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B1495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B1497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B149AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B149D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B14A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A7E
IsMenu.USER32(?), ref: 00B14A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14B20
GetWindowLongW.USER32(?,000000F0), ref: 00B14B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B14BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B14C82
wsprintfW.USER32 ref: 00B14CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B14D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14D5A

Strings

%d/%02d/%02d, xrefs: 00B14CA8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 6a2a9a35f54bf1224ee4e962a5cd3470d9f4e125662dfda8c84ede4b9c73cf31
Instruction ID: 1622c0225e5d3a54343e3b479537721362b75bd8010a1413382bde88818bf174
Opcode Fuzzy Hash: 6a2a9a35f54bf1224ee4e962a5cd3470d9f4e125662dfda8c84ede4b9c73cf31
Instruction Fuzzy Hash: BE12BB71640214AFEB248F28CC89FEE7BE8EF45710F5441A9F51AEB2A1DB749981CB50

Function 00A9F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A9F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00ADF474
IsIconic.USER32(00000000), ref: 00ADF47D
ShowWindow.USER32(00000000,00000009), ref: 00ADF48A
SetForegroundWindow.USER32(00000000), ref: 00ADF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4AA
GetCurrentThreadId.KERNEL32 ref: 00ADF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00ADF4DE
SetForegroundWindow.USER32(00000000), ref: 00ADF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF4F6
keybd_event.USER32(00000012,00000000), ref: 00ADF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF50B
keybd_event.USER32(00000012,00000000), ref: 00ADF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF519
keybd_event.USER32(00000012,00000000), ref: 00ADF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF528
keybd_event.USER32(00000012,00000000), ref: 00ADF52D
SetForegroundWindow.USER32(00000000), ref: 00ADF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00ADF557

Strings

Shell_TrayWnd, xrefs: 00ADF46F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
Instruction ID: c99001258ad5bb2b62d7ed78150cad3b029e570d632f910afa8f94cfde8ed0a4
Opcode Fuzzy Hash: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
Instruction Fuzzy Hash: D2314371A80318BFEB216BB55C4AFBF7E6DEB44B50F504066FA02E71D1CBB15D00AA60

Function 00AE1201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00AE1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00AE12A8
CloseHandle.KERNEL32(?), ref: 00AE12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00AE12D1
GetProcessWindowStation.USER32 ref: 00AE12EA
SetProcessWindowStation.USER32(00000000), ref: 00AE12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00AE1310

Part of subcall function 00AE10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
Part of subcall function 00AE10BF: CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9

Strings

, xrefs: 00AE125A
default, xrefs: 00AE130B
winsta0, xrefs: 00AE12CC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 2f952e2d944dd5a060511075eea0a5d9fe589db992a3bc829ae2e4e1fd547cc4
Instruction ID: 5d4cbb71dcbaec49513a16278a315e0ddb304006866b55c26275bbea0534c9c8
Opcode Fuzzy Hash: 2f952e2d944dd5a060511075eea0a5d9fe589db992a3bc829ae2e4e1fd547cc4
Instruction Fuzzy Hash: 0581A0B1A40299AFDF219FA5DD49FEE7FB9EF04704F148129F911A72A0DB708954CB20

Function 00AE0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0C00
GetLengthSid.ADVAPI32(?), ref: 00AE0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00AE0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0C6D
GetLengthSid.ADVAPI32(?), ref: 00AE0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0C8C
HeapAlloc.KERNEL32(00000000), ref: 00AE0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0CB4
CopySid.ADVAPI32(00000000), ref: 00AE0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D45
HeapFree.KERNEL32(00000000), ref: 00AE0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D55
HeapFree.KERNEL32(00000000), ref: 00AE0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D65
HeapFree.KERNEL32(00000000), ref: 00AE0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0D78
HeapFree.KERNEL32(00000000), ref: 00AE0D7F

Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
Instruction ID: c29a2b3d2f78f0dda76b0ccf5bd91b40ceb7d7517ae2e483afc2710b6248f80c
Opcode Fuzzy Hash: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
Instruction Fuzzy Hash: 23715C7294024AEBDF10DFA5DC88FEEBBB8FF08300F148515E915A7191DBB5AA45CB60

Function 00AFEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00B1CC08), ref: 00AFEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00AFEB37
GetClipboardData.USER32(0000000D), ref: 00AFEB43
CloseClipboard.USER32 ref: 00AFEB4F
GlobalLock.KERNEL32(00000000), ref: 00AFEB87
CloseClipboard.USER32 ref: 00AFEB91
GlobalUnlock.KERNEL32(00000000), ref: 00AFEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00AFEBC9
GetClipboardData.USER32(00000001), ref: 00AFEBD1
GlobalLock.KERNEL32(00000000), ref: 00AFEBE2
GlobalUnlock.KERNEL32(00000000), ref: 00AFEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00AFEC38
GetClipboardData.USER32(0000000F), ref: 00AFEC44
GlobalLock.KERNEL32(00000000), ref: 00AFEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00AFEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFECD2
GlobalUnlock.KERNEL32(00000000), ref: 00AFECF3
CountClipboardFormats.USER32 ref: 00AFED14
CloseClipboard.USER32 ref: 00AFED59

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
Instruction ID: 65eca84ac2b1f306c65b8878b438251491c362fc5de42e0834144c4ea3ce4857
Opcode Fuzzy Hash: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
Instruction Fuzzy Hash: 8761BC34244205AFD310EFA4C888FBA7BA4AF84704F488559F596972A2DF31DD06CBA2

Function 00AF698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF69BE
FindClose.KERNEL32(00000000), ref: 00AF6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A75

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00AF6B6A
%4d, xrefs: 00AF6BB1
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00AF6B32
%02d, xrefs: 00AF6C00, 00AF6C0A, 00AF6C5A, 00AF6CAA, 00AF6CFA, 00AF6D4A
%03d, xrefs: 00AF6DA2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
Instruction ID: 0093f9f673340a60752115da354e22f2e5807072404a167676b0d3663c19d43a
Opcode Fuzzy Hash: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
Instruction Fuzzy Hash: DAD13DB2508304AFC714EBA4C982EBBB7ECAF98704F44491DF685D7191EB74DA44CB62

Function 00AF9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00AF9663
GetFileAttributesW.KERNEL32(?), ref: 00AF96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00AF96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00AF96D3
FindClose.KERNEL32(00000000), ref: 00AF96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00AF96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF974A
SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF9772
FindClose.KERNEL32(00000000), ref: 00AF977F
FindClose.KERNEL32(00000000), ref: 00AF978F

Strings

*.*, xrefs: 00AF96F5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
Instruction ID: 11d4a5826fd1e9724d2e095fe0442cc07d55f1f7bea7e66dc8dc90fcf03e5d77
Opcode Fuzzy Hash: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
Instruction Fuzzy Hash: AB31A23254021D6BDB14AFF4EC49BEF7BAC9F09321F508195FA15E30A0DB74DE448A54

Function 00AF979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00AF97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00AF9819
FindClose.KERNEL32(00000000), ref: 00AF9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00AF9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF9890
SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF98B8
FindClose.KERNEL32(00000000), ref: 00AF98C5
FindClose.KERNEL32(00000000), ref: 00AF98D5

Part of subcall function 00AEDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AEDB00

Strings

*.*, xrefs: 00AF983B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
Instruction ID: 36ca15ffe86da62074de78293d6bbdf106d1f098afa0aef23a14294c0f6bc2d4
Opcode Fuzzy Hash: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
Instruction Fuzzy Hash: D831C33254021D6ADB14AFF4EC49BEF7BACDF06360F108195F954A31E0DB70DE848AA4

Function 00B0BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B0BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00B0BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B0C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B0C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0C382
RegCloseKey.ADVAPI32(00000000), ref: 00B0C38F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: be4628a82added75a7aa841a884ca8f4e697cba249719110c2782189c8898c9d
Instruction ID: ad52027597cc51c446224256ad45da65a8f745b7090da2df40bf37fe4fabfe1b
Opcode Fuzzy Hash: be4628a82added75a7aa841a884ca8f4e697cba249719110c2782189c8898c9d
Instruction Fuzzy Hash: 9B025D716042009FD714DF28C995E2ABBE5EF89318F18C59DF84ADB2A2DB31EC45CB52

Function 00AF8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00AF8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00AF8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AF8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8395

Strings

*.*, xrefs: 00AF839B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
Instruction ID: 32051b9cfd1a9c4e8bd9f59beef77782e6ad2a027ac8bacbc800ef5eb93e65ce
Opcode Fuzzy Hash: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
Instruction Fuzzy Hash: 57618BB25043099FCB10EF60C9409AFB7E8FF89714F04891EFA9987251DB35E945CB92

Function 00AED076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00AED122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00AED1DD
MoveFileW.KERNEL32(?,?), ref: 00AED1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED237

Part of subcall function 00AED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00AED21C,?,?), ref: 00AED2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00AED253
FindClose.KERNEL32(00000000), ref: 00AED264

Strings

\*.*, xrefs: 00AED0CD, 00AED0D6, 00AED0EB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
Instruction ID: 773eb41713eccbf4402595b0baabc6cd8e261d1d8bdf2197a5bd629b8caa02ae
Opcode Fuzzy Hash: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
Instruction Fuzzy Hash: 0B615B3180514DABCF05FBE1CA929FEBBB5AF25300F648169E40277191EB31AF09DB61

Function 00AFED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00AFED91
EmptyClipboard.USER32 ref: 00AFED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00AFEDAC
CloseClipboard.USER32 ref: 00AFEEA3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
Instruction ID: 79a95a6904572e620bdd06bbf713174e58427e41e2642bfe31d36e9f6eebb1a1
Opcode Fuzzy Hash: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
Instruction Fuzzy Hash: 4441BE35204611AFE320DF55E888B69BBE5FF44328F54C4A9F5558BA72CB35EC41CB90

Function 00AEE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A

ExitWindowsEx.USER32(?,00000000), ref: 00AEE932

Strings

SeShutdownPrivilege, xrefs: 00AEE902
, xrefs: 00AEE95C
@, xrefs: 00AEE925
, xrefs: 00AEE920

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
Instruction ID: 3b91874b001344c0658f943144be4fe9e4ff5367617d301409d7b6b0e21bdedd
Opcode Fuzzy Hash: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
Instruction Fuzzy Hash: E601F972650251ABEB54A7B69C8AFFFB2EC9718750F154422FC13E71D3EAB09C4481A4

Function 00B01204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B01276
WSAGetLastError.WSOCK32 ref: 00B01283
bind.WSOCK32(00000000,?,00000010), ref: 00B012BA
WSAGetLastError.WSOCK32 ref: 00B012C5
closesocket.WSOCK32(00000000), ref: 00B012F4
listen.WSOCK32(00000000,00000005), ref: 00B01303
WSAGetLastError.WSOCK32 ref: 00B0130D
closesocket.WSOCK32(00000000), ref: 00B0133C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
Instruction ID: a1aebc5216adb2995f8d11420cccc0a5127f33027ed4e272f202f5520e213c01
Opcode Fuzzy Hash: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
Instruction Fuzzy Hash: 2D416D71600100AFD714DF68C588B69BFE5EF46318F588598E8569F2D2C771ED81CBA1

Function 00AED3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00AED420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED481
FindClose.KERNEL32(00000000), ref: 00AED498
FindClose.KERNEL32(00000000), ref: 00AED4A1

Strings

\*.*, xrefs: 00AED3F2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
Instruction ID: 6389eb92870ed2a4460581f46f2fb2ae23b88ff0ab0923a6cc9d7d0600328c36
Opcode Fuzzy Hash: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
Instruction Fuzzy Hash: 683160710083859BC305FF64D9958AFB7E8AEA5314F844A1EF4D593191EB30AA09D763

Function 00ABE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00ABE645

Strings

1#INF, xrefs: 00ABF852
1#IND, xrefs: 00ABF83D
1#QNAN, xrefs: 00ABF84B
1#SNAN, xrefs: 00ABF844

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 51c0e5b5be58e30553588eb440b76362d54d8e536541d8e4bad2bbb0069bde29
Instruction ID: cd4ce8154468fbca8f16f78984a23dbf18b6545926ebb2fced6c69dc5689510d
Opcode Fuzzy Hash: 51c0e5b5be58e30553588eb440b76362d54d8e536541d8e4bad2bbb0069bde29
Instruction Fuzzy Hash: 07C23C71E046288FDB25CF68DD407EAB7B9EB49305F1841EAD84DE7242E775AE818F40

Function 00AF648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AF64DC
CoInitialize.OLE32(00000000), ref: 00AF6639
CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF6650
CoUninitialize.OLE32 ref: 00AF68D4

Strings

.lnk, xrefs: 00AF64BA, 00AF6524, 00AF65E0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: a0266997ead616ea7ab75e835d9747c8b8c722686cc185b6dbe9e17d3c395cdf
Instruction ID: f61de2b5f63e1271355a7624d815bde2df4a44444e55f8140a4a2555e3adea20
Opcode Fuzzy Hash: a0266997ead616ea7ab75e835d9747c8b8c722686cc185b6dbe9e17d3c395cdf
Instruction Fuzzy Hash: DAD16971508305AFD304EF64C981A6BB7E8FF98704F14496DF5959B2A1EB30ED09CBA2

Function 00B022DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00B022E8

Part of subcall function 00AFE4EC: GetWindowRect.USER32(?,?), ref: 00AFE504

GetDesktopWindow.USER32 ref: 00B02312
GetWindowRect.USER32(00000000), ref: 00B02319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B02355
GetCursorPos.USER32(?), ref: 00B02381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B023DF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 1765d3caa64d80a1587d510bab4b29c8a205e170d1e0a899996c76d8e8ab8c97
Instruction ID: 88da68813256f7e9850c19172f89eb056ee1ad26fa6af38e578ecc8abdc07233
Opcode Fuzzy Hash: 1765d3caa64d80a1587d510bab4b29c8a205e170d1e0a899996c76d8e8ab8c97
Instruction Fuzzy Hash: 3931E072504315AFCB20DF54D849B9BBBEAFF84310F00491AF98997191DB34EA08CB96

Function 00AF9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00AF9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AF9C8B

Part of subcall function 00AF3874: GetInputState.USER32 ref: 00AF38CB
Part of subcall function 00AF3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AF9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AF9C75

Strings

*.*, xrefs: 00AF9B5D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 7f77bf3ed768aa6d69fb27b30746c5032e3b44c374662ba4db3bc5dc9ed82144
Instruction ID: cc1a6a485f660a2999425aa291ef1bb4c73862f42a523b1f08e711134dcda93e
Opcode Fuzzy Hash: 7f77bf3ed768aa6d69fb27b30746c5032e3b44c374662ba4db3bc5dc9ed82144
Instruction Fuzzy Hash: 3241487194420EAFCF54EFA4C985BEEBBB8EF05310F244056F905A2191EB309E85CBA1

Function 00A9997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00A99A4E
GetSysColor.USER32(0000000F), ref: 00A99B23
SetBkColor.GDI32(?,00000000), ref: 00A99B36

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 0294db8c13c6a8bb74973c56e25de81460fc95eeeb2703865debb6d2be8b7817
Instruction ID: 4851ccfee9d54217e2d49a0f5b77b3d55825c50a0c5994b336fdbc43a106b223
Opcode Fuzzy Hash: 0294db8c13c6a8bb74973c56e25de81460fc95eeeb2703865debb6d2be8b7817
Instruction Fuzzy Hash: 5FA1E770308544BFEF299B2C8C99FBF36EDEB46380B14454EF503D6A91EA259D42D272

Function 00B01806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B0185D
WSAGetLastError.WSOCK32 ref: 00B01884
bind.WSOCK32(00000000,?,00000010), ref: 00B018DB
WSAGetLastError.WSOCK32 ref: 00B018E6
closesocket.WSOCK32(00000000), ref: 00B01915

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 1ab6ed3fe6fa37056753b71dae8808e3ab93f1cf0ffabd7f083431573ace8e61
Instruction ID: ed31004820fa7e4204fd8e7235f5b45ac07afa22149476e45ddd7bea7461ec5e
Opcode Fuzzy Hash: 1ab6ed3fe6fa37056753b71dae8808e3ab93f1cf0ffabd7f083431573ace8e61
Instruction Fuzzy Hash: A751D471A002109FEB14AF28C986F6A7BE5EB44718F54C498F9065F3D3D771AD41CBA1

Function 00B11C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00B11CC0
IsWindowEnabled.USER32 ref: 00B11CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00B11CDB
IsIconic.USER32 ref: 00B11CE9
IsZoomed.USER32 ref: 00B11CF7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 57d3bb5c4de6186ae37357a9f86f093586edfbbd7d550940bb5f7d024aa240c7
Instruction ID: 4ef54ba1977b7beb262436abf541f01f71dc7f6b56f6c839ce2bb59516dba315
Opcode Fuzzy Hash: 57d3bb5c4de6186ae37357a9f86f093586edfbbd7d550940bb5f7d024aa240c7
Instruction Fuzzy Hash: 1221A3317802115FD7209F2ED884BAA7BE5EF95324B9984A8E946CF351CB71DC82CBD0

Function 00A88060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00A883E8
VUUU, xrefs: 00AC5DF0
ERCP, xrefs: 00A8813C
VUUU, xrefs: 00A883FA
VUUU, xrefs: 00A8843C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: a023ddc79a74144d865e5eae7ae11a1cc9a7547bd328cd0132b88779c6d9ec58
Instruction ID: 83abbdf3cc227138b27a6a861a5d0fb10c6efc6637a94c267baddb7105d16d7c
Opcode Fuzzy Hash: a023ddc79a74144d865e5eae7ae11a1cc9a7547bd328cd0132b88779c6d9ec58
Instruction Fuzzy Hash: 82A27171E0061ACBDF24DF58C940BEEB7B1BF54310F6581AAE815AB285EB749D81CF90

Function 00AEAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00AEAAAC
SetKeyboardState.USER32(00000080), ref: 00AEAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00AEAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00AEAB88

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: a4e66b3ef7f87116fa97e82dbdb61a17f41e5a53f520163d1668c568f4c0e29d
Instruction ID: f0af9e119849d5cca53902eab971261c663e93c7afcc52f709b4be8123edd5f0
Opcode Fuzzy Hash: a4e66b3ef7f87116fa97e82dbdb61a17f41e5a53f520163d1668c568f4c0e29d
Instruction Fuzzy Hash: 72310870A80388AEFF35CB66CC05BFA7BA6EB64310F04821AF581961D1D775AD85C762

Function 00ABBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00ABBB7F

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

GetTimeZoneInformation.KERNEL32 ref: 00ABBB91
WideCharToMultiByte.KERNEL32(00000000,?,00B5121C,000000FF,?,0000003F,?,?), ref: 00ABBC09
WideCharToMultiByte.KERNEL32(00000000,?,00B51270,000000FF,?,0000003F,?,?,?,00B5121C,000000FF,?,0000003F,?,?), ref: 00ABBC36

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: 4ff3f41808ef8472b43faa447929b95ec9ef9c1d830394cbdf2d055626078925
Instruction ID: 4b0efcfdc5a201d768f9cecd981520641478f27daf93c7fe1680cde98a1cbace
Opcode Fuzzy Hash: 4ff3f41808ef8472b43faa447929b95ec9ef9c1d830394cbdf2d055626078925
Instruction Fuzzy Hash: 3E31C070944205EFCB11DF68CC80AADBFBCBF46311B144AAAE014DB2A2DB719E40CB60

Function 00AFCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00AFCE89
GetLastError.KERNEL32(?,00000000), ref: 00AFCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00AFCEFE

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: e2c9fbc0d6ce9420b7f98fe1bacd4bc78ad7c46bbfccbe5bc0454bac0ed2af19
Instruction ID: d2b0068455f9208002f408f2bc4f67e4db9802e09096e65faa4c298778e18467
Opcode Fuzzy Hash: e2c9fbc0d6ce9420b7f98fe1bacd4bc78ad7c46bbfccbe5bc0454bac0ed2af19
Instruction Fuzzy Hash: 32215E7154070DABD720DFA6DA44BA6BBF8EF50364F10841AF646D3151EB74EE048B54

Function 00AE8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00AE82AA

Strings

|, xrefs: 00AE82DA
(, xrefs: 00AE82F0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: b0b0b169828a664d3c0d25298dd80fae242ce2571c2a6197ca92a2754aa57427
Instruction ID: e82fe329077f8f6dcfc38cceaaa592bd125d409cd3bb082516382997063adf51
Opcode Fuzzy Hash: b0b0b169828a664d3c0d25298dd80fae242ce2571c2a6197ca92a2754aa57427
Instruction Fuzzy Hash: F0323575A007469FCB28CF5AC481A6AB7F0FF48710B15C56EE49ADB3A1EB74E941CB40

Function 00AF5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00AF5D17
FindClose.KERNEL32(?), ref: 00AF5D5F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 527ecaeca86188e0b75e909112e5344ffc7d790f704110c2721b64397c290ffa
Instruction ID: 5df8178655b7a0fc9449b36c3e5a66f3839fa7dc4fae917aa3de97bc884d2d42
Opcode Fuzzy Hash: 527ecaeca86188e0b75e909112e5344ffc7d790f704110c2721b64397c290ffa
Instruction Fuzzy Hash: 1551AC34A046059FC714DF68C484AA6B7E4FF0A324F14855DFA9A8B3A1DB30ED04CF91

Function 00AB2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00AB271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AB2724
UnhandledExceptionFilter.KERNEL32(?), ref: 00AB2731

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c8ec7c3abe1992cca2fa021a7a76b6e0a8bc7bf99e76673835b057dc4c9fcc2a
Instruction ID: 4f33a31608c5fb75d33d16ecadde4b2f2727c541a0e9b8a0fbe8029d40ff41c5
Opcode Fuzzy Hash: c8ec7c3abe1992cca2fa021a7a76b6e0a8bc7bf99e76673835b057dc4c9fcc2a
Instruction Fuzzy Hash: 3D31D5749412189BCB21DF68DD88BDDBBB8AF08310F5041EAE41CA72A1EB309F818F44

Function 00AF51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00AF5238
SetErrorMode.KERNEL32(00000000), ref: 00AF52A1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: a1bde0c2520100abf49debae49f31a890a2c5fd11a78ef0024e6bb699dedfc3f
Instruction ID: 5d0bd1ca2b7b7bab36a5adf33afe96e1a9e82b29c00c8fac127b04531b2c8709
Opcode Fuzzy Hash: a1bde0c2520100abf49debae49f31a890a2c5fd11a78ef0024e6bb699dedfc3f
Instruction Fuzzy Hash: 2D314F75A00518DFDB00DF94D884EEDBBB4FF49314F048099E905AB352DB31E855CBA0

Function 00AE16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668
Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
GetLastError.KERNEL32 ref: 00AE174A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 0a44bc970848e3bd27a9b75e65008f08b8360b5d62df1e3984e81f81d6b22ab0
Instruction ID: 7d224c814fc1e6a073da4e7e16bdc074093fefbe7f7b01424c1f9c795938d91e
Opcode Fuzzy Hash: 0a44bc970848e3bd27a9b75e65008f08b8360b5d62df1e3984e81f81d6b22ab0
Instruction Fuzzy Hash: 3B11CEB2510304AFD718AF54EC86DAABBF9EB08B14B20852EE05697641EB70BC41CA24

Function 00AED5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00AED645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED650

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 295a834c4fb48881058d8742ed6f72e6316353c022275d871a4485b1ac2d7c80
Instruction ID: c340cceead0974c0ff8891070722e609ab7d8a4acb19cf3434a6924f8e0a887f
Opcode Fuzzy Hash: 295a834c4fb48881058d8742ed6f72e6316353c022275d871a4485b1ac2d7c80
Instruction Fuzzy Hash: 13113C75E45228BBDB108F95AC45FEFBFBCEB45B50F108115F914E7290D6704A058BA1

Function 00AE1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00AE168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00AE16A1
FreeSid.ADVAPI32(?), ref: 00AE16B1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 55e50b9a131c8b7de9fcc8df639eb9d6386ea525acebe73111ad181170e71f64
Instruction ID: 8aa8dde40552bf11f4b27a7b9f3a7a757650272b79daf6b338e387d9f20e2156
Opcode Fuzzy Hash: 55e50b9a131c8b7de9fcc8df639eb9d6386ea525acebe73111ad181170e71f64
Instruction Fuzzy Hash: EDF0F471990309FBDB00DFE49C89EAEBBBCEB08604F508565E501E2181E774AA448A50

Function 00ADD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00ADD28C

Strings

X64, xrefs: 00ADD2A8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 9b8c01fb8d14535b421e9fbc08af6a3fedd016068bd12aad8b884ec8403ca338
Instruction ID: 88e7a58779805b86ea4b82cd9bf63e583fbd2eb44ba1f488c513cbdfe351344f
Opcode Fuzzy Hash: 9b8c01fb8d14535b421e9fbc08af6a3fedd016068bd12aad8b884ec8403ca338
Instruction Fuzzy Hash: 0FD0CAB480122DEACF94CBA0EC88DDAB7BCBB08345F204292F146A2100DB3096888F20

Function 00AACAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: f0c1a4aec0f960fa73f5699264b99f5ea929de64bbb3b2cf06fbe6dddf5bfdb7
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: A3021E71E002199FEF24CFA9C9806ADFBF1EF49324F258169D919E7384D731AE418B94

Function 00AF68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF6918
FindClose.KERNEL32(00000000), ref: 00AF6961

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: a4e76a629afdb182037d4414f731fb9629bd4c09b121a4b2678116809cf4d58c
Instruction ID: 63e788d81139e1af7025120fbba72a8b35b15c6a39bec8c93a09892d9db5daef
Opcode Fuzzy Hash: a4e76a629afdb182037d4414f731fb9629bd4c09b121a4b2678116809cf4d58c
Instruction Fuzzy Hash: 04118E316042049FD710DF69D4C4A26BBE5FF85328F54C699F5698F6A2CB70EC05CB91

Function 00AF37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37F4

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 7cbaa96a44db0fdd4a4948804079b96c27f3ed4bfb8234607a58e278da4ed3a3
Instruction ID: 03bf59dc581deae2dfd1d9fcb77b94dbb49adb7a5fe4a611bb915d3bfccb2040
Opcode Fuzzy Hash: 7cbaa96a44db0fdd4a4948804079b96c27f3ed4bfb8234607a58e278da4ed3a3
Instruction Fuzzy Hash: BFF0E5B17042282AEB2067A69D4DFEB7AAEEFC5761F000165F609D3281D9B09944C7F0

Function 00AEB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AEB25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00AEB270

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 0e5dc09109001a7520f32620cc6b3709cea88dcd9a5467bbdb60d0a555c2a2e1
Instruction ID: 61319686cab56b46569ad4ba33ad315c86924ce7a658fcaf326dad5630381ccb
Opcode Fuzzy Hash: 0e5dc09109001a7520f32620cc6b3709cea88dcd9a5467bbdb60d0a555c2a2e1
Instruction Fuzzy Hash: E4F01D7185428DABDB059FA1C806BEE7FB4FF04305F008009F965A6191C77986119FA4

Function 00AE10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: fbccfd60232ddd568cabfa279a48670a4983763fff49c5ecf8bea5f4ffdfb2c1
Instruction ID: 9081938c69fe2dd503b008352a19035cc8bd0b3bfba0a271510cfe69b4128066
Opcode Fuzzy Hash: fbccfd60232ddd568cabfa279a48670a4983763fff49c5ecf8bea5f4ffdfb2c1
Instruction Fuzzy Hash: B7E0BF72154610AFEB252B51FD09EB77BE9EB04310B24C82DF5A5814B1DB726C90DB54

Function 00A8CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00AD0C40

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 734f1855d61c729895fc9b037d5fdda8a5b8daa20527d10a6e3d7f6c64f107e5
Instruction ID: 2421e9ef46bf31b118aef2a658d247f8d2e2932c4e9c995e38817fc0536a48e2
Opcode Fuzzy Hash: 734f1855d61c729895fc9b037d5fdda8a5b8daa20527d10a6e3d7f6c64f107e5
Instruction Fuzzy Hash: 75328870900218DFDF14EF94D985BEDBBB5BF05318F14806AE806AB292DB75AE45CF60

Function 00AB676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00AB6766,?,?,00000008,?,?,00ABFEFE,00000000), ref: 00AB6998

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 12bef984b4ab182706006702ab22c3bbce86294f813a5abd93abe0d2210101d3
Instruction ID: 160671e1170b19a4320203e91a1d1b925265550ec699a9206cf4fae5e03816e5
Opcode Fuzzy Hash: 12bef984b4ab182706006702ab22c3bbce86294f813a5abd93abe0d2210101d3
Instruction Fuzzy Hash: 53B13C726106089FDB15CF28C486BA57BF4FF45364F29865CE899CF2A2C739E991CB40

Function 00A9B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00AD851F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b1cba6e7569677588b1b643648cc5afc5b5b88ee3987ca758300f807d47eef20
Instruction ID: 0631869903f56784e7b3c6475d3f37f94b91e250edfb82566ddbdb6536389d65
Opcode Fuzzy Hash: b1cba6e7569677588b1b643648cc5afc5b5b88ee3987ca758300f807d47eef20
Instruction Fuzzy Hash: 58126D75A10229DBCF24CF58D9806EEB7F5FF48710F14819AE809EB255DB349A81DFA0

Function 00AFEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00AFEABD

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 328a42b25f79e97a3c9d6f6bac3ee599497e31db378295745a474670c037834a
Instruction ID: fda4c20d486e2f09378efa38786bf5c0ab2dde09f5a40b0022d0443a8d566bc7
Opcode Fuzzy Hash: 328a42b25f79e97a3c9d6f6bac3ee599497e31db378295745a474670c037834a
Instruction Fuzzy Hash: 71E01A312102049FD710EF99D804E9ABBE9AF987A0F408426FD4AC7261DB70A8408BA0

Function 00AA09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00AA03EE), ref: 00AA09DA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4dc7be7a3a4dabee086e78310ec363755923758dc53211666dcb6ccf1e263271
Instruction ID: 7fe7c3d36912501d4df602322a8e1ab339a458c759d7d57127d6181e343f5337
Opcode Fuzzy Hash: 4dc7be7a3a4dabee086e78310ec363755923758dc53211666dcb6ccf1e263271
Instruction Fuzzy Hash:

Function 00AA781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00AA798B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 36071676543707f8f74878427c837d6691ef61e1d017ca905ae6f8476c02bf0f
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 5551557260C7056BDB3887688D5EBBF63A99B0B340F18051BD886D72C2CB1DDE85D356

Function 00AB6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
Instruction ID: 2cccfcec255029e85f56d26afc1bac7bf817e3db9d046ed82912cf5df2423e46
Opcode Fuzzy Hash: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
Instruction Fuzzy Hash: AB320022D29F414DD7339634C822339A65DAFB73C5F15D737E81AB69AAEF69C4834100

Function 00A9CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61a63bb8b4adcfff60ba35267b64d96007e5cab59dd6070381b01fa1f638f80b
Instruction ID: f7302250b88250565732704f09020a26930520a079ddf4bef231cee01807d756
Opcode Fuzzy Hash: 61a63bb8b4adcfff60ba35267b64d96007e5cab59dd6070381b01fa1f638f80b
Instruction Fuzzy Hash: 9432E131B401168BDF28CB69C4946BD7BF2EB45330FA8856BD49B9B392D634DE81DB40

Function 00A87920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb22ba4ab10ad03b5a6613b04f6f5343f8339ab054421c01e8d243f70b46988c
Instruction ID: 1f513b970b14c9cefb652aacb93709e7d4488baed12615294f9b45d008960ba5
Opcode Fuzzy Hash: cb22ba4ab10ad03b5a6613b04f6f5343f8339ab054421c01e8d243f70b46988c
Instruction Fuzzy Hash: BF228F70E046099FDF14DFA5C981BAEB7F6FF44300F244529E816AB291EB35E951CB50

Function 00A891C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd6261bc37a9c347e6d34f7b11f88e13663a304c737b3f6712c4729c4dc2539e
Instruction ID: 51b4c00f11c00933c3ae81e48db03469c54e59f413f57b477c2b2788b431d99b
Opcode Fuzzy Hash: fd6261bc37a9c347e6d34f7b11f88e13663a304c737b3f6712c4729c4dc2539e
Instruction Fuzzy Hash: F70280B1A0020AEFDF04DF54D981BAEB7F1FF44340F158169E816DB291EB31AA21CB95

Function 00AB9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a741f98128e3f170f3c25c4e2ad1c575ff62b1df76b115259c6a460a5fe445
Instruction ID: a93be53529e9004efe11b325dd427d76790308967ac044447f059c02d66dfd55
Opcode Fuzzy Hash: d9a741f98128e3f170f3c25c4e2ad1c575ff62b1df76b115259c6a460a5fe445
Instruction Fuzzy Hash: DFB1F220D2AF414DD32396398871336B69CAFBB6D5F91D71BFC2675D22EF2686834140

Function 00AA1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 4e36eb484c560cbb63633f516119c626051bcc5d79c30b1d7cb7cb93eedef793
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 569153726080A35ADB29473A857407EFFE15A933B2B1A079ED4F2CB1C5FF249964D620

Function 00AA1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 5e829aecc28e684111fe55ee5fd4f9fcfc46f005b644cf1a9b16d502cac15660
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: EF912F722090A34EDB69473D857453EFFE15A933A171A079EE4F2CB1C5EF248964E720

Function 00AA19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 96d52092c10e8c1ab45088d8743351ec65cf85cf093652d2eb3d7e33c3889cdc
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 549130722090A35EDB69477A857403EFFF15A933A2B1A079ED4F2CB1C1FF248965D620

Function 00AA7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf312025fd685482e07da92bcadefc8b07612218551987a7ef8ca380c887fb1
Instruction ID: 27f845dc10b4906fc426ee2810f3034d68a0585c799b5820c95135d1b2c08dd0
Opcode Fuzzy Hash: ebf312025fd685482e07da92bcadefc8b07612218551987a7ef8ca380c887fb1
Instruction Fuzzy Hash: F96137B1708709A6DE349B288D95BBF63A8DF43750F24091AE843DB2C1DB159E42C775

Function 00AA7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de080297a5409d978f6569f19a908afe248f3a4ecbd8095941aeb785e659bbe
Instruction ID: 447c52a392f2bf35b438ffcdc35c8f3f7e386d4dfbedc3361b3748c028e9deaf
Opcode Fuzzy Hash: 0de080297a5409d978f6569f19a908afe248f3a4ecbd8095941aeb785e659bbe
Instruction Fuzzy Hash: A661997160870967DF388B288DA5BBF63A8EF43704F14095AE943DB2C1EB16ED428B55

Function 00AA1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: f3064c1ef404cf326a88a49b6cc334b914c53b16a87077993816bddc45391849
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 848174726090A31DDB6D473A857443EFFE15A933A1B1A079DD4F2CB1C1EF24C954E620

Function 00A9D063 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258c31b98c21070db14766f0e04f80bb9f7ca5d19298dc7472ee0d830283b858
Instruction ID: 0b40acc8305f8a9403fc51106febde4f8529244de17a77a5ac17b760e15b7156
Opcode Fuzzy Hash: 258c31b98c21070db14766f0e04f80bb9f7ca5d19298dc7472ee0d830283b858
Instruction Fuzzy Hash: 75512A9985FBDA1FDB179734886A198FFB0AC1726174887CFD8825E8CBD381041AC75B

Function 00AF2046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284c4cdcf42df3814828f3ca44ad4ee68e879d544a6254c94109ab6f711dac70
Instruction ID: ff8ae548ba247c5f1dbd8e70ac8d45b9f1502eab957b2bb6343cb0f9cd3f8453
Opcode Fuzzy Hash: 284c4cdcf42df3814828f3ca44ad4ee68e879d544a6254c94109ab6f711dac70
Instruction Fuzzy Hash: B521A5326216158BDB28CF79C82277A73E5A764311F15866EE4A7C37D0DE39AD04CB80

Function 00B02ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B02B30
DeleteObject.GDI32(00000000), ref: 00B02B43
DestroyWindow.USER32 ref: 00B02B52
GetDesktopWindow.USER32 ref: 00B02B6D
GetWindowRect.USER32(00000000), ref: 00B02B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B02CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B02CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02CF8
GetClientRect.USER32(00000000,?), ref: 00B02D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B02D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D80
GlobalLock.KERNEL32(00000000), ref: 00B02D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D98
GlobalUnlock.KERNEL32(00000000), ref: 00B02DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DA8
GlobalFree.KERNEL32(00000000), ref: 00B02DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1FC38,00000000), ref: 00B02DDB
GlobalFree.KERNEL32(00000000), ref: 00B02DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B02E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B02E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B0303F

Strings

static, xrefs: 00B02D3A, 00B02E91
, xrefs: 00B02FC5
AutoIt v3, xrefs: 00B02CF2
DISPLAY, xrefs: 00B02EA2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 4be34078b4bc6f0c90c18eac45af2728118c252187ddd736e904d7701c257b78
Instruction ID: 114e6cd75076a1fa9b2eedb53aa4ff41fe7ef931a7424e0efc35b3106dfc52b2
Opcode Fuzzy Hash: 4be34078b4bc6f0c90c18eac45af2728118c252187ddd736e904d7701c257b78
Instruction Fuzzy Hash: 93028A71940205AFDB14DFA4CD89EAE7FB9FB49711F108598F915AB2A1DB70ED00CB60

Function 00B170D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00B1712F
GetSysColorBrush.USER32(0000000F), ref: 00B17160
GetSysColor.USER32(0000000F), ref: 00B1716C
SetBkColor.GDI32(?,000000FF), ref: 00B17186
SelectObject.GDI32(?,?), ref: 00B17195
InflateRect.USER32(?,000000FF,000000FF), ref: 00B171C0
GetSysColor.USER32(00000010), ref: 00B171C8
CreateSolidBrush.GDI32(00000000), ref: 00B171CF
FrameRect.USER32(?,?,00000000), ref: 00B171DE
DeleteObject.GDI32(00000000), ref: 00B171E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00B17230
FillRect.USER32(?,?,?), ref: 00B17262
GetWindowLongW.USER32(?,000000F0), ref: 00B17284

Part of subcall function 00B173E8: GetSysColor.USER32(00000012), ref: 00B17421
Part of subcall function 00B173E8: SetTextColor.GDI32(?,?), ref: 00B17425
Part of subcall function 00B173E8: GetSysColorBrush.USER32(0000000F), ref: 00B1743B
Part of subcall function 00B173E8: GetSysColor.USER32(0000000F), ref: 00B17446
Part of subcall function 00B173E8: GetSysColor.USER32(00000011), ref: 00B17463
Part of subcall function 00B173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
Part of subcall function 00B173E8: SelectObject.GDI32(?,00000000), ref: 00B17482
Part of subcall function 00B173E8: SetBkColor.GDI32(?,00000000), ref: 00B1748B
Part of subcall function 00B173E8: SelectObject.GDI32(?,?), ref: 00B17498
Part of subcall function 00B173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
Part of subcall function 00B173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
Part of subcall function 00B173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 0fdbb45bb9256d78adf3454ce13e9b4155b9de03d6438633a7ee8e2e5baed45a
Instruction ID: 67a98e6c50c074cbc8980a448beced26829d9f7290243ed250c0af910e11ddac
Opcode Fuzzy Hash: 0fdbb45bb9256d78adf3454ce13e9b4155b9de03d6438633a7ee8e2e5baed45a
Instruction Fuzzy Hash: 97A18E72088301FFDB019F60DC48A9A7BF9FB49320F904A19F962A71A1DB70E9458B91

Function 00A98D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00A98E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00AD6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00AD6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AD6F43

Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5

SendMessageW.USER32(?,00001053), ref: 00AD6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00AD6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FB7

Strings

0, xrefs: 00AD6DCF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: cb2483d5b6115b5d6543f3e5b04dccfb840690307f0985d43e11a8c42e384042
Instruction ID: 2a0e38c1869611c395d7a9e4d0ee0e79f2711b21d637197e988245edd346806f
Opcode Fuzzy Hash: cb2483d5b6115b5d6543f3e5b04dccfb840690307f0985d43e11a8c42e384042
Instruction Fuzzy Hash: CC12AD30600611DFDB25CF28D994BAABBF5FB49301F54846AF4968B261CB35EC52CB91

Function 00B02711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00B0273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B0286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B028A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B028B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B02900
GetClientRect.USER32(00000000,?), ref: 00B0290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B02955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B02964
GetStockObject.GDI32(00000011), ref: 00B02974
SelectObject.GDI32(00000000,00000000), ref: 00B02978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B02988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B02991
DeleteDC.GDI32(00000000), ref: 00B0299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B029C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00B029DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B02A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B02A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00B02A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B02A77
GetStockObject.GDI32(00000011), ref: 00B02A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B02A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B02A97

Strings

static, xrefs: 00B0294F, 00B02A71
AutoIt v3, xrefs: 00B028F8
DISPLAY, xrefs: 00B0295A
msctls_progress32, xrefs: 00B02A13

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 5f767fc5a62092cdf3d4206eca6d3c4e67c98b84da7feb3cd4439abc359f9ade
Instruction ID: b0e68b093fa5918c586f4fed15160483d76e85cb7301fafc6201f1eb26616f2b
Opcode Fuzzy Hash: 5f767fc5a62092cdf3d4206eca6d3c4e67c98b84da7feb3cd4439abc359f9ade
Instruction Fuzzy Hash: BCB14971A40215BFEB14DFA8CD89FAE7BB9EB08711F108554F915E72A0DB70AD40CBA4

Function 00AF4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF4AED
GetDriveTypeW.KERNEL32(?,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4BCA
SetErrorMode.KERNEL32(00000000,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4D36

Strings

ATAPI, xrefs: 00AF4C91
Fibre, xrefs: 00AF4CAD
PhysicalDrive, xrefs: 00AF4B76
Network, xrefs: 00AF4C02
RAMDisk, xrefs: 00AF4BF4
FileBackedVirtual, xrefs: 00AF4CEC
MMC, xrefs: 00AF4CDE
1394, xrefs: 00AF4C9F
SSD, xrefs: 00AF4C4A
iSCSI, xrefs: 00AF4CC2
RAID, xrefs: 00AF4CBB
SCSI, xrefs: 00AF4C8A
SATA, xrefs: 00AF4CD0
Fixed, xrefs: 00AF4C09
Removable, xrefs: 00AF4C10, 00AF4C15
Virtual, xrefs: 00AF4CE5
USB, xrefs: 00AF4CB4
\\.\, xrefs: 00AF4B3F
Unknown, xrefs: 00AF4BED, 00AF4C83
CDROM, xrefs: 00AF4BFB
SSA, xrefs: 00AF4CA6
ATA, xrefs: 00AF4C98
SAS, xrefs: 00AF4CC9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 85a8120173ab2d3a797613af03d81fc28dbbba477c88595718beb95cc3163432
Instruction ID: 5c7d31d69e6bdf5435c16c32d068931689cad9e41a63c4203d512441a16b6797
Opcode Fuzzy Hash: 85a8120173ab2d3a797613af03d81fc28dbbba477c88595718beb95cc3163432
Instruction Fuzzy Hash: 7E61D430A4520D9BCB04DFA4CA8197E77F0EB4D714B249065F906AB262DB35DE42EB52

Function 00B173E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00B17421
SetTextColor.GDI32(?,?), ref: 00B17425
GetSysColorBrush.USER32(0000000F), ref: 00B1743B
GetSysColor.USER32(0000000F), ref: 00B17446
CreateSolidBrush.GDI32(?), ref: 00B1744B
GetSysColor.USER32(00000011), ref: 00B17463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
SelectObject.GDI32(?,00000000), ref: 00B17482
SetBkColor.GDI32(?,00000000), ref: 00B1748B
SelectObject.GDI32(?,?), ref: 00B17498
InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B1752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B17554
InflateRect.USER32(?,000000FD,000000FD), ref: 00B17572
DrawFocusRect.USER32(?,?), ref: 00B1757D
GetSysColor.USER32(00000011), ref: 00B1758E
SetTextColor.GDI32(?,00000000), ref: 00B17596
DrawTextW.USER32(?,00B170F5,000000FF,?,00000000), ref: 00B175A8
SelectObject.GDI32(?,?), ref: 00B175BF
DeleteObject.GDI32(?), ref: 00B175CA
SelectObject.GDI32(?,?), ref: 00B175D0
DeleteObject.GDI32(?), ref: 00B175D5
SetTextColor.GDI32(?,?), ref: 00B175DB
SetBkColor.GDI32(?,?), ref: 00B175E5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 87ccfeae3265ecb5d5b5a20ea8f8e1089733a109b7632a943e3c34a13e59f59f
Instruction ID: 20c9c8fa4ffc88904643ec9b3ad3a3364225fb471cbfa23273ce1911398c66c0
Opcode Fuzzy Hash: 87ccfeae3265ecb5d5b5a20ea8f8e1089733a109b7632a943e3c34a13e59f59f
Instruction Fuzzy Hash: 02615D72984218FFDF019FA4DC49AEE7FB9EB08320F618155F915BB2A1DB749940CB90

Function 00B10FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00B11128
GetDesktopWindow.USER32 ref: 00B1113D
GetWindowRect.USER32(00000000), ref: 00B11144
GetWindowLongW.USER32(?,000000F0), ref: 00B11199
DestroyWindow.USER32(?), ref: 00B111B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B111ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B1120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B1121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00B11232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B11245
IsWindowVisible.USER32(00000000), ref: 00B112A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B112BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B112D0
GetWindowRect.USER32(00000000,?), ref: 00B112E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00B1130E
GetMonitorInfoW.USER32(00000000,?), ref: 00B11328
CopyRect.USER32(?,?), ref: 00B1133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00B113AA

Strings

tooltips_class32, xrefs: 00B111E6
0, xrefs: 00B110D3
(, xrefs: 00B1131B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
Instruction ID: 36c76d7c6fe2e35d55136b50c7b14d2c49946b01c6232ddb803493fd5f7228a2
Opcode Fuzzy Hash: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
Instruction Fuzzy Hash: 5AB19E71604341AFD704DF68C985BAEBBE4FF88750F408958FA999B2A1CB31DC44CBA1

Function 00A98891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A98968
GetSystemMetrics.USER32(00000007), ref: 00A98970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A9899B
GetSystemMetrics.USER32(00000008), ref: 00A989A3
GetSystemMetrics.USER32(00000004), ref: 00A989C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A989E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A989F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A98A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A98A3C
GetClientRect.USER32(00000000,000000FF), ref: 00A98A5A
GetStockObject.GDI32(00000011), ref: 00A98A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A98A81

Part of subcall function 00A9912D: GetCursorPos.USER32(?), ref: 00A99141
Part of subcall function 00A9912D: ScreenToClient.USER32(00000000,?), ref: 00A9915E
Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000001), ref: 00A99183
Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000002), ref: 00A9919D

SetTimer.USER32(00000000,00000000,00000028,00A990FC), ref: 00A98AA8

Strings

AutoIt v3 GUI, xrefs: 00A98A20

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
Instruction ID: 7f5d2e9f72d1df0a4983efe84fbd597f26768798f4b8c47dc79b7b0c5b4b082a
Opcode Fuzzy Hash: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
Instruction Fuzzy Hash: E7B16C71A40209AFDF14DFA8CD45BEE3BF5FB48315F10856AFA16A7290DB34A841CB50

Function 00AE0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0E29
GetLengthSid.ADVAPI32(?), ref: 00AE0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00AE0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0E96
GetLengthSid.ADVAPI32(?), ref: 00AE0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0EB5
HeapAlloc.KERNEL32(00000000), ref: 00AE0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0EDD
CopySid.ADVAPI32(00000000), ref: 00AE0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F6E
HeapFree.KERNEL32(00000000), ref: 00AE0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F7E
HeapFree.KERNEL32(00000000), ref: 00AE0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F8E
HeapFree.KERNEL32(00000000), ref: 00AE0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0FA1
HeapFree.KERNEL32(00000000), ref: 00AE0FA8

Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
Instruction ID: 5580bcdc49d0f757909d8c1cebcad1b28946db06283d7b4ae86d51dd22fd186a
Opcode Fuzzy Hash: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
Instruction Fuzzy Hash: CA717B7294024AABDB209FA5DC48FEEBBB8BF08300F148115F959E7191DB709E55CB60

Function 00B0C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00B1CC08,00000000,?,00000000,?,?), ref: 00B0C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B0C5A4
_wcslen.LIBCMT ref: 00B0C5F4
_wcslen.LIBCMT ref: 00B0C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B0C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B0C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B0C84D
RegCloseKey.ADVAPI32(?), ref: 00B0C881
RegCloseKey.ADVAPI32(00000000), ref: 00B0C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B0C960

Strings

REG_SZ, xrefs: 00B0C644
REG_BINARY, xrefs: 00B0C913
REG_EXPAND_SZ, xrefs: 00B0C5CD
REG_QWORD, xrefs: 00B0C8C3
REG_MULTI_SZ, xrefs: 00B0C6F5
REG_DWORD, xrefs: 00B0C804

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 730ccc2e3c724ae7dfe14ad2ce0b1207e2773560d560cb2c38791f7149b6adee
Instruction ID: ca5ab5113f6a5354c19319ee68ccea4a9315b43483174edfa740231d19ae225d
Opcode Fuzzy Hash: 730ccc2e3c724ae7dfe14ad2ce0b1207e2773560d560cb2c38791f7149b6adee
Instruction Fuzzy Hash: 181269356042019FDB14EF14C981A2ABBE5FF88714F14899CF89A9B3A2DB31FD41CB95

Function 00B1091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00B109C6
_wcslen.LIBCMT ref: 00B10A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B10A54
_wcslen.LIBCMT ref: 00B10A8A
_wcslen.LIBCMT ref: 00B10B06
_wcslen.LIBCMT ref: 00B10B81

Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD

Part of subcall function 00AE2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AE2BFA

Strings

CHECK, xrefs: 00B10A85, 00B10AA0
GETITEMCOUNT, xrefs: 00B10C1E
GETTEXT, xrefs: 00B10C97
COLLAPSE, xrefs: 00B10B01, 00B10B1C
ISCHECKED, xrefs: 00B10CE1
SELECT, xrefs: 00B10D11
GETSELECTED, xrefs: 00B10C4E
EXISTS, xrefs: 00B10B7C, 00B10B97
UNCHECK, xrefs: 00B10D3E
GETTOTALCOUNT, xrefs: 00B109F2, 00B10A17
EXPAND, xrefs: 00B10BF8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
Instruction ID: 0d91e5beded7437b4d56776ff64acdfc1b132441ba983bb82e9cfbe63e362c70
Opcode Fuzzy Hash: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
Instruction Fuzzy Hash: 3BE1AF312283418FCB14EF24C59096AB7E1FF98314F94899DF8969B362DB70ED85CB91

Function 00B0C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
_wcslen.LIBCMT ref: 00B0C9F1
_wcslen.LIBCMT ref: 00B0CA68
_wcslen.LIBCMT ref: 00B0CA9E
_wcslen.LIBCMT ref: 00B0CAF9
_wcslen.LIBCMT ref: 00B0CB2F
_wcslen.LIBCMT ref: 00B0CB7F

Strings

HKCU, xrefs: 00B0CBCE
HKCR, xrefs: 00B0CB29, 00B0CB2E
HKEY_CLASSES_ROOT, xrefs: 00B0CAF3, 00B0CAF8
HKCC, xrefs: 00B0CBAC
HKEY_LOCAL_MACHINE, xrefs: 00B0CA62, 00B0CA67
HKEY_USERS, xrefs: 00B0CBDF
HKEY_CURRENT_USER, xrefs: 00B0CBBD
HKEY_CURRENT_CONFIG, xrefs: 00B0CB79, 00B0CB7E
HKLM, xrefs: 00B0CA98, 00B0CA9D
HKU, xrefs: 00B0CBF0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
Instruction ID: f61031300e11efba1ca26e588e472f23d4fae8c92f01c0ecb75d87bb3eccf6f6
Opcode Fuzzy Hash: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
Instruction Fuzzy Hash: 2871E13360016A8BDB20DF6CC9415BB3FD5EBA1750B6507A8F866972D8EB30CE45D3A0

Function 00B1833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B1835A
_wcslen.LIBCMT ref: 00B1836E
_wcslen.LIBCMT ref: 00B18391
_wcslen.LIBCMT ref: 00B183B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B183F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00B1361A,?), ref: 00B1844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B184CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18501
FreeLibrary.KERNEL32(?), ref: 00B1850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B1851D
DestroyIcon.USER32(?), ref: 00B1852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B18549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B18555

Strings

.icl, xrefs: 00B18368
.exe, xrefs: 00B18388
.dll, xrefs: 00B183AB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
Instruction ID: 29e6ed438dbe608c480323990dcc36ac5822c26489e369eab03f4ee408bde6b4
Opcode Fuzzy Hash: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
Instruction Fuzzy Hash: EB61CF71540205BAEB14DF64DC81BFE7BA8FB18B11F508649F815D71D1DFB4AA90CBA0

Function 00A87778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

", xrefs: 00AC5153
#notrayicon, xrefs: 00A877E7
#pragma compile, xrefs: 00A877D3
#requireadmin, xrefs: 00A877FF
#comments-end, xrefs: 00A878D9
#include, xrefs: 00A87847
#comments-start, xrefs: 00A8785F, 00A878B1
#include-once, xrefs: 00A8782F
Unterminated group of comments, xrefs: 00AC528C
Cannot parse #include, xrefs: 00AC5279
#OnAutoItStartRegister, xrefs: 00A87817
#ce, xrefs: 00A878ED
Bad directive syntax error, xrefs: 00AC519A
', xrefs: 00AC5169
#cs, xrefs: 00A87873, 00A878C5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 3d6c0787845a14dbd1b514643656b5d876c72e0ddd63896133a600b909e1ec1c
Instruction ID: 6b4dcbba685b4aae6d6ef73fdf8841f87a23eeb22aecdf7522661659f3f08898
Opcode Fuzzy Hash: 3d6c0787845a14dbd1b514643656b5d876c72e0ddd63896133a600b909e1ec1c
Instruction Fuzzy Hash: 9C81D071A44605BBDB20BF60CD42FAF7BB8AF15300F154068F805AB1D6EB74EA91C7A1

Function 00AF3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00AF3EF8
_wcslen.LIBCMT ref: 00AF3F03
_wcslen.LIBCMT ref: 00AF3F5A
_wcslen.LIBCMT ref: 00AF3F98
GetDriveTypeW.KERNEL32(?), ref: 00AF3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4087

Strings

type cdaudio alias cd wait, xrefs: 00AF4001
close cd wait, xrefs: 00AF4072
wait, xrefs: 00AF4044
open, xrefs: 00AF3F54, 00AF3F59
set cd door , xrefs: 00AF4028
open , xrefs: 00AF3FE5
closed, xrefs: 00AF3F08, 00AF3F2D, 00AF3F46, 00AF3F7E, 00AF3F97
close, xrefs: 00AF3EFE, 00AF3F18

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
Instruction ID: b9e938064f59cbf9ed921c97bd564fad0dc61479abd496abb8357e2b3859fa43
Opcode Fuzzy Hash: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
Instruction Fuzzy Hash: F171CD32A042069FC710EF24C98197BB7F4EF99758F00492DFA9697261EB30DE45CB92

Function 00AE5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00AE5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00AE5A40
SetWindowTextW.USER32(?,?), ref: 00AE5A57
GetDlgItem.USER32(?,000003EA), ref: 00AE5A6C
SetWindowTextW.USER32(00000000,?), ref: 00AE5A72
GetDlgItem.USER32(?,000003E9), ref: 00AE5A82
SetWindowTextW.USER32(00000000,?), ref: 00AE5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00AE5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00AE5AC3
GetWindowRect.USER32(?,?), ref: 00AE5ACC
_wcslen.LIBCMT ref: 00AE5B33
SetWindowTextW.USER32(?,?), ref: 00AE5B6F
GetDesktopWindow.USER32 ref: 00AE5B75
GetWindowRect.USER32(00000000), ref: 00AE5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00AE5BD3
GetClientRect.USER32(?,?), ref: 00AE5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00AE5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00AE5C2F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
Instruction ID: c3ed702d0f3d9a3039073a7642d0487925b6fb6e64666b79552a15f56a423bcf
Opcode Fuzzy Hash: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
Instruction Fuzzy Hash: 4A715D31900B49AFDB20DFB9DE85AAEBBF5FF48708F104518E542A35A0DB75E944CB50

Function 00AFFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00AFFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00AFFE32
LoadCursorW.USER32(00000000,00007F00), ref: 00AFFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00AFFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00AFFE53
LoadCursorW.USER32(00000000,00007F01), ref: 00AFFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00AFFE69
LoadCursorW.USER32(00000000,00007F88), ref: 00AFFE74
LoadCursorW.USER32(00000000,00007F80), ref: 00AFFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00AFFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00AFFE95
LoadCursorW.USER32(00000000,00007F85), ref: 00AFFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00AFFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00AFFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00AFFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00AFFECC
GetCursorInfo.USER32(?), ref: 00AFFEDC
GetLastError.KERNEL32 ref: 00AFFF1E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
Instruction ID: 4379941068ccfc1d76dfbb101ac3fab2477320f40f762b4872c3d35bfed16523
Opcode Fuzzy Hash: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
Instruction Fuzzy Hash: 914144B0D443196EDB109FBA8C8586EBFE8FF04754B50852AF11DE7291DB789901CF91

Function 00AA00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00AA00C6

Part of subcall function 00AA00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B5070C,00000FA0,8DE1778D,?,?,?,?,00AC23B3,000000FF), ref: 00AA011C
Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0127
Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0138
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00AA014E
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00AA015C
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00AA016A
Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA0195
Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA01A0

___scrt_fastfail.LIBCMT ref: 00AA00E7

Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9

Strings

WakeAllConditionVariable, xrefs: 00AA0162
SleepConditionVariableCS, xrefs: 00AA0154
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00AA0122
kernel32.dll, xrefs: 00AA0133
InitializeConditionVariable, xrefs: 00AA0148

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
Instruction ID: 79abcac19d06b2f2bd67a667436abab71b1a80dc5d3b22565183389b89791149
Opcode Fuzzy Hash: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
Instruction Fuzzy Hash: 4C21A7326847116FDB116B64BD46FF937E4EB46F51F404679F805E72E1DF649C008A90

Function 00AE30F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AE318D
_wcslen.LIBCMT ref: 00AE31F8

Strings

NAME, xrefs: 00AE3335, 00AE3346
CLASSNN, xrefs: 00AE31F3, 00AE3204
CLASS, xrefs: 00AE3188, 00AE31A5
INSTANCE, xrefs: 00AE3453
TEXT, xrefs: 00AE347C
REGEXPCLASS, xrefs: 00AE3255, 00AE3266

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 61275be9a411a77fd9613d5249f347637e12c4f570e7d71930248f212677f045
Instruction ID: 9794f90fa1bfc526857457daad236012ad3f2e5269384052b9b78c111a3146de
Opcode Fuzzy Hash: 61275be9a411a77fd9613d5249f347637e12c4f570e7d71930248f212677f045
Instruction Fuzzy Hash: 54E10533A00556AFCF249F69C859BEEFBB0BF54710F548169E456E7280DB30AF8587A0

Function 00AF44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00B1CC08), ref: 00AF4527
_wcslen.LIBCMT ref: 00AF453B
_wcslen.LIBCMT ref: 00AF4599
_wcslen.LIBCMT ref: 00AF45F4
_wcslen.LIBCMT ref: 00AF463F
_wcslen.LIBCMT ref: 00AF46A7

Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD

GetDriveTypeW.KERNEL32(?,00B46BF0,00000061), ref: 00AF4743

Strings

cdrom, xrefs: 00AF458F, 00AF4594
fixed, xrefs: 00AF4635, 00AF463A
ramdisk, xrefs: 00AF46F1
unknown, xrefs: 00AF4708
network, xrefs: 00AF469D, 00AF46A2
all, xrefs: 00AF4531, 00AF4536
removable, xrefs: 00AF45EA, 00AF45EF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 8ad8f9f54649984c3a2c5bb941911e29afa4b885b835880e59663612ce0a70df
Instruction ID: e85c7a5e8ea5f341bb405b944d3311624819cbcfa615270e006d7eac04896af9
Opcode Fuzzy Hash: 8ad8f9f54649984c3a2c5bb941911e29afa4b885b835880e59663612ce0a70df
Instruction Fuzzy Hash: 3AB1FE316083069FC710EF68C990A7BB7E5AFAA760F50491DF696C7291E730DD44CBA2

Function 00B03FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00B1CC08), ref: 00B040BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B040CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00B1CC08), ref: 00B040F2
FreeLibrary.KERNEL32(00000000,?,00B1CC08), ref: 00B0413E
StringFromGUID2.OLE32(?,?,00000028,?,00B1CC08), ref: 00B041A8
SysFreeString.OLEAUT32(00000009), ref: 00B04262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B042C8
SysFreeString.OLEAUT32(?), ref: 00B042F2

Strings

kernel32.dll, xrefs: 00B040B6
GetModuleHandleExW, xrefs: 00B040C7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 7a8d7e57bb5623e0e961b0b216ba36c5e6dac8c81ccff3b9de9a41804da7831f
Instruction ID: fb81b6a5fcaf284728b403996695fa8a86214e13bd36bcdc3467b0bab8009544
Opcode Fuzzy Hash: 7a8d7e57bb5623e0e961b0b216ba36c5e6dac8c81ccff3b9de9a41804da7831f
Instruction Fuzzy Hash: C5122DB5A00115EFDB14DF54C984EAEBBF5FF45314F248098EA05AB2A1DB31ED46CBA0

Function 00A8326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00B51990), ref: 00AC2F8D
GetMenuItemCount.USER32(00B51990), ref: 00AC303D
GetCursorPos.USER32(?), ref: 00AC3081
SetForegroundWindow.USER32(00000000), ref: 00AC308A
TrackPopupMenuEx.USER32(00B51990,00000000,?,00000000,00000000,00000000), ref: 00AC309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AC30A9

Strings

0, xrefs: 00A8327D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: ac935da290b6de1fed706a5ef7077354ea4b09d1a5494100668a30690bce8cd0
Instruction ID: 141ab43e7b33296edc4bf19085d2cfeadc82b5a4b7ffdae74730998697256630
Opcode Fuzzy Hash: ac935da290b6de1fed706a5ef7077354ea4b09d1a5494100668a30690bce8cd0
Instruction Fuzzy Hash: 3F71F771644209BEEF259F28CC49FEABF75FF15764F20421AF5146A1E0CBB1A920DB90

Function 00B16CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00B16DEB

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B16E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B16E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16E94
DestroyWindow.USER32(?), ref: 00B16EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A80000,00000000), ref: 00B16EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16EFD
GetDesktopWindow.USER32 ref: 00B16F16
GetWindowRect.USER32(00000000), ref: 00B16F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B16F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B16F4D

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

Strings

tooltips_class32, xrefs: 00B16E58, 00B16EDD
0, xrefs: 00B16D98

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: bff4677d6128856f33ceadcbb249768a8d25dc0b9397a33c7d501c057eaaebbb
Instruction ID: 15053bc37e102afaae2ffa40bd2ce864a492e125f5c70df000bfdff56dd02c52
Opcode Fuzzy Hash: bff4677d6128856f33ceadcbb249768a8d25dc0b9397a33c7d501c057eaaebbb
Instruction Fuzzy Hash: 5B716675244340AFDB21CF18DC48BAABBE9FB89304F84499DF99987261CB70A946CB11

Function 00B1911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DragQueryPoint.SHELL32(?,?), ref: 00B19147

Part of subcall function 00B17674: ClientToScreen.USER32(?,?), ref: 00B1769A
Part of subcall function 00B17674: GetWindowRect.USER32(?,?), ref: 00B17710
Part of subcall function 00B17674: PtInRect.USER32(?,?,00B18B89), ref: 00B17720

SendMessageW.USER32(?,000000B0,?,?), ref: 00B191B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B191BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B191DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B19225
SendMessageW.USER32(?,000000B0,?,?), ref: 00B1923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00B19255
SendMessageW.USER32(?,000000B1,?,?), ref: 00B19277
DragFinish.SHELL32(?), ref: 00B1927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B19371

Strings

@GUI_DRAGFILE, xrefs: 00B19320
@GUI_DRAGID, xrefs: 00B192E9
@GUI_DROPID, xrefs: 00B1929E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: b4e52cc1c8e08cdb63b7bb87072aa73438e9f2df8da808fc15e02ca4e880e331
Instruction ID: 282fa3b120a7d97c5ad1f7affd4a96ef959be645a79398ba93f88f72a59f9c46
Opcode Fuzzy Hash: b4e52cc1c8e08cdb63b7bb87072aa73438e9f2df8da808fc15e02ca4e880e331
Instruction Fuzzy Hash: 59618B71108301AFD701EF64DD85EAFBBE8EF88750F40496EF595931A0DB309A49CB92

Function 00AFC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AFC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00AFC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00AFC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC5F0
InternetCloseHandle.WININET(00000000), ref: 00AFC5FB

Strings

, xrefs: 00AFC575

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: a0407e5ea6e6f641900205757226428c3e1f7864f9f8bf4f88b97e7959b91733
Instruction ID: 32d8e2ccb387509c6ea1c6f12623558ce3e441e1341021c3a9b53b25391a98bc
Opcode Fuzzy Hash: a0407e5ea6e6f641900205757226428c3e1f7864f9f8bf4f88b97e7959b91733
Instruction Fuzzy Hash: 5C513CB158020DBFDB218FA1CA48ABB7BBCFB08764F008419FA46D7250DB74E944DB60

Function 00B1856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00B18592
GetFileSize.KERNEL32(00000000,00000000), ref: 00B185A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00B185AD
CloseHandle.KERNEL32(00000000), ref: 00B185BA
GlobalLock.KERNEL32(00000000), ref: 00B185C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00B185D7
GlobalUnlock.KERNEL32(00000000), ref: 00B185E0
CloseHandle.KERNEL32(00000000), ref: 00B185E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00B185F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1FC38,?), ref: 00B18611
GlobalFree.KERNEL32(00000000), ref: 00B18621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00B18641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B18671
DeleteObject.GDI32(00000000), ref: 00B18699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B186AF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
Instruction ID: e8e8b301c7cf7dfe1f11ea4fc56579c18c52a40627c5a79cea4f842f99ab6e7b
Opcode Fuzzy Hash: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
Instruction Fuzzy Hash: 55411875640208BFDB119FA5DC88EEA7BBDFF89B11F508068F905E7260DB309A41CB60

Function 00AF14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00AF1502
VariantCopy.OLEAUT32(?,?), ref: 00AF150B
VariantClear.OLEAUT32(?), ref: 00AF1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AF15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00AF1657
VariantInit.OLEAUT32(?), ref: 00AF1708
SysFreeString.OLEAUT32(?), ref: 00AF178C
VariantClear.OLEAUT32(?), ref: 00AF17D8
VariantClear.OLEAUT32(?), ref: 00AF17E7
VariantInit.OLEAUT32(00000000), ref: 00AF1823

Strings

Default, xrefs: 00AF16AF
%4d%02d%02d%02d%02d%02d, xrefs: 00AF1625

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
Instruction ID: 3d52d88536be9c308f109e6d7ad932be72ebf7691cd2a864c8f877043a5805d5
Opcode Fuzzy Hash: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
Instruction Fuzzy Hash: 8DD1E071A04219EFDF04AFA5D985BB9B7F6BF44700F148056FA06AB280DB30EC41DBA1

Function 00B0B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00B0B80A
RegCloseKey.ADVAPI32(?), ref: 00B0B87E
RegCloseKey.ADVAPI32(?), ref: 00B0B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B0B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0B922
FreeLibrary.KERNEL32(00000000), ref: 00B0B983
RegCloseKey.ADVAPI32(00000000), ref: 00B0B994

Strings

RegDeleteKeyExW, xrefs: 00B0B8FE
advapi32.dll, xrefs: 00B0B8ED

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
Instruction ID: eb970285cfd0070d7bc615b0f1b4babc2c9b4a4f92c3101b2656d8dd2cae8f7f
Opcode Fuzzy Hash: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
Instruction Fuzzy Hash: DBC16B35208201AFD714DF24C495F2ABBE5FF84318F54859CF5AA8B2A2CB71ED45CB92

Function 00B0255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00B025D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B025E8
CreateCompatibleDC.GDI32(?), ref: 00B025F4
SelectObject.GDI32(00000000,?), ref: 00B02601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B0266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B026AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B026D0
SelectObject.GDI32(?,?), ref: 00B026D8
DeleteObject.GDI32(?), ref: 00B026E1
DeleteDC.GDI32(?), ref: 00B026E8
ReleaseDC.USER32(00000000,?), ref: 00B026F3

Strings

(, xrefs: 00B0268D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 579fd81ca27604b49fbb7bf5bed3ce7feb493886d94a048ee49f40baaabc0f38
Instruction ID: 0fbfd9a91acc403864170d9ab1136931f79c3800fae381c80a3a6a91c98ce381
Opcode Fuzzy Hash: 579fd81ca27604b49fbb7bf5bed3ce7feb493886d94a048ee49f40baaabc0f38
Instruction Fuzzy Hash: DC61E275D00219EFCF04CFA4D888AAEBBF6FF48310F208569E955A7250D771A951CF50

Function 00ABDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00ABDAA1

Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD659
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD66B
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD67D
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD68F
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6A1
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6B3
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6C5
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6D7
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6E9
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6FB
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD70D
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD71F
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD731

_free.LIBCMT ref: 00ABDA96

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABDAB8
_free.LIBCMT ref: 00ABDACD
_free.LIBCMT ref: 00ABDAD8
_free.LIBCMT ref: 00ABDAFA
_free.LIBCMT ref: 00ABDB0D
_free.LIBCMT ref: 00ABDB1B
_free.LIBCMT ref: 00ABDB26
_free.LIBCMT ref: 00ABDB5E
_free.LIBCMT ref: 00ABDB65
_free.LIBCMT ref: 00ABDB82
_free.LIBCMT ref: 00ABDB9A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
Instruction ID: a27b927b7bf38ecaf30e75b4e6ccfa324c2f3442af1d7ecd18af0515840fe100
Opcode Fuzzy Hash: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
Instruction Fuzzy Hash: B2313D31604705AFEB21AB39E945BD6BBEDFF40350F15481AE449D7193EF31AC508724

Function 00AE365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00AE369C
_wcslen.LIBCMT ref: 00AE36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00AE3797
GetClassNameW.USER32(?,?,00000400), ref: 00AE380C
GetDlgCtrlID.USER32(?), ref: 00AE385D
GetWindowRect.USER32(?,?), ref: 00AE3882
GetParent.USER32(?), ref: 00AE38A0
ScreenToClient.USER32(00000000), ref: 00AE38A7
GetClassNameW.USER32(?,?,00000100), ref: 00AE3921
GetWindowTextW.USER32(?,?,00000400), ref: 00AE395D

Strings

%s%u, xrefs: 00AE3734

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
Instruction ID: 63e2b7191d9d8533b311f9673281e67d00b9e9b58812e686b138734a99f3eaaa
Opcode Fuzzy Hash: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
Instruction Fuzzy Hash: 5E91C272204746AFDB18DF26C899BEAF7A8FF44350F408529F999C3191DB30EA45CB91

Function 00AE4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00AE4994
GetWindowTextW.USER32(?,?,00000400), ref: 00AE49DA
_wcslen.LIBCMT ref: 00AE49EB
CharUpperBuffW.USER32(?,00000000), ref: 00AE49F7
_wcsstr.LIBVCRUNTIME ref: 00AE4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00AE4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00AE4B20
GetWindowRect.USER32(?,?), ref: 00AE4B8B

Strings

ThumbnailClass, xrefs: 00AE4A6F, 00AE4AF1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: f8b039579f48b3bb5dbd5ad9de2bbc58c390a474aab42322bb5bec2a70f33956
Instruction ID: 836d595a7298707f0787da297bd7394e536067b999f1faa824377cd77c6df523
Opcode Fuzzy Hash: f8b039579f48b3bb5dbd5ad9de2bbc58c390a474aab42322bb5bec2a70f33956
Instruction Fuzzy Hash: 7D9189710083459BDB04DF16C985BAABBECEF88354F048469FD859B096EB34ED45CBA1

Function 00AEBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00B51990,000000FF,00000000,00000030), ref: 00AEBFAC
SetMenuItemInfoW.USER32(00B51990,00000004,00000000,00000030), ref: 00AEBFE1
Sleep.KERNEL32(000001F4), ref: 00AEBFF3
GetMenuItemCount.USER32(?), ref: 00AEC039
GetMenuItemID.USER32(?,00000000), ref: 00AEC056
GetMenuItemID.USER32(?,-00000001), ref: 00AEC082
GetMenuItemID.USER32(?,?), ref: 00AEC0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AEC10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC145

Strings

0, xrefs: 00AEBF3D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: af2969a33b6778d1fbea258bd99da276681987fe3375fef9269661ef913b4893
Instruction ID: 8964c2a327ef33e035c18ef26cf4b23a2fd4bf1ed58985e5a3c162babb2ca9d2
Opcode Fuzzy Hash: af2969a33b6778d1fbea258bd99da276681987fe3375fef9269661ef913b4893
Instruction Fuzzy Hash: 81617EB090038AAFDF11DF69DD88AEEBBB9FB05364F144155E811A3291CB35AD16CB60

Function 00B0CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B0CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD48

Part of subcall function 00B0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B0CCAA
Part of subcall function 00B0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B0CCBD
Part of subcall function 00B0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0CCCF
Part of subcall function 00B0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD05
Part of subcall function 00B0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0CCF3

Strings

RegDeleteKeyExW, xrefs: 00B0CCC9
advapi32.dll, xrefs: 00B0CCB8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 104dc5312c8d306c7e3e098ac1548dc6eda5c95152802d61b22059e0ccc00317
Instruction ID: a7e8c179af5b439886ac730822fc4b99ca753cf31743a045cad9469501a751b7
Opcode Fuzzy Hash: 104dc5312c8d306c7e3e098ac1548dc6eda5c95152802d61b22059e0ccc00317
Instruction Fuzzy Hash: D3316F71941129BBDB208B55DC88EFFBFBCEF45750F0042A5B906E3290DB349E45DAA0

Function 00AF3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AF3D40
_wcslen.LIBCMT ref: 00AF3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AF3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AF3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00AF3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AF3E55
CloseHandle.KERNEL32(00000000), ref: 00AF3E60
CloseHandle.KERNEL32(00000000), ref: 00AF3E6B

Strings

:, xrefs: 00AF3D82
\, xrefs: 00AF3D77
\??\%s, xrefs: 00AF3D5B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 4e77cd73d9adda5151e09837c3021deadcef54c16a8a2ed00c6aa8c31606b16a
Instruction ID: b31eb17e465dd42d4c7673d36a3f677f90a6f4b6bd3cf10679bf8f016a6d6d31
Opcode Fuzzy Hash: 4e77cd73d9adda5151e09837c3021deadcef54c16a8a2ed00c6aa8c31606b16a
Instruction Fuzzy Hash: FF31AF72A40219ABDF209FA0DC49FEF3BBDEF89740F5040A5F619D60A0EB7097448B64

Function 00AEE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00AEE6B4

Part of subcall function 00A9E551: timeGetTime.WINMM(?,?,00AEE6D4), ref: 00A9E555

Sleep.KERNEL32(0000000A), ref: 00AEE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00AEE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00AEE727
SetActiveWindow.USER32 ref: 00AEE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AEE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00AEE773
Sleep.KERNEL32(000000FA), ref: 00AEE77E
IsWindow.USER32 ref: 00AEE78A
EndDialog.USER32(00000000), ref: 00AEE79B

Strings

BUTTON, xrefs: 00AEE719

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: a8c2da6f69e5c4a3beb534702e38b18a351c038a3ced3b04c6075bfbce06b17b
Instruction ID: ae5340bb6df2585cb144b28cf8cc2d8a4c4c8dc76ec559b30660d53d09822db9
Opcode Fuzzy Hash: a8c2da6f69e5c4a3beb534702e38b18a351c038a3ced3b04c6075bfbce06b17b
Instruction Fuzzy Hash: EE21A2B0280385BFEB009F22EC89B663F6AF75634AF504865F505831B1DF71AC108B25

Function 00AEE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AEEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AEEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AEEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AEEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AEEAA7

Strings

open , xrefs: 00AEEA0C
play PlayMe wait, xrefs: 00AEEA91
play PlayMe, xrefs: 00AEEAA2
alias PlayMe, xrefs: 00AEEA36
status PlayMe mode, xrefs: 00AEEA58
close PlayMe, xrefs: 00AEEA6E, 00AEEA9B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 44335ba0be477467f3710686075d7c42d00257e5b97dcff0a4b3deb97ddeddee
Instruction ID: 3de6210b5fb33fc1265e32b630ad58da9c072252730ceb795986b46b8f332a99
Opcode Fuzzy Hash: 44335ba0be477467f3710686075d7c42d00257e5b97dcff0a4b3deb97ddeddee
Instruction Fuzzy Hash: E1115131A9026979D720F7A2DD4ADFF6BBCEBD6B40F400469B401A20E1EEB00A05D6B1

Function 00AE9F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AEA012
SetKeyboardState.USER32(?), ref: 00AEA07D
GetAsyncKeyState.USER32(000000A0), ref: 00AEA09D
GetKeyState.USER32(000000A0), ref: 00AEA0B4
GetAsyncKeyState.USER32(000000A1), ref: 00AEA0E3
GetKeyState.USER32(000000A1), ref: 00AEA0F4
GetAsyncKeyState.USER32(00000011), ref: 00AEA120
GetKeyState.USER32(00000011), ref: 00AEA12E
GetAsyncKeyState.USER32(00000012), ref: 00AEA157
GetKeyState.USER32(00000012), ref: 00AEA165
GetAsyncKeyState.USER32(0000005B), ref: 00AEA18E
GetKeyState.USER32(0000005B), ref: 00AEA19C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: c2f07bed68065f22c28ad7a80d19eaae8ef4ac142486f6db4fa7d149eca17cf3
Instruction ID: 36b76ebbc7507b0692e40402b3345dbc0ef93cc17ed1c51697c62cbbfb36e3a8
Opcode Fuzzy Hash: c2f07bed68065f22c28ad7a80d19eaae8ef4ac142486f6db4fa7d149eca17cf3
Instruction Fuzzy Hash: 6351BA30A047C829FB35EB6289157EBBFB59F22380F088599D5C2571C2DA54BA4CC766

Function 00AE5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00AE5CE2
GetWindowRect.USER32(00000000,?), ref: 00AE5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00AE5D59
GetDlgItem.USER32(?,00000002), ref: 00AE5D69
GetWindowRect.USER32(00000000,?), ref: 00AE5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00AE5DCF
GetDlgItem.USER32(?,000003E9), ref: 00AE5DDD
GetWindowRect.USER32(00000000,?), ref: 00AE5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00AE5E31
GetDlgItem.USER32(?,000003EA), ref: 00AE5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00AE5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00AE5E67

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 47d5e379aea0d8ab258e806fb954a6188a8d6659fc40954be13ad667f80f4970
Instruction ID: b9787a5aa7cbd3f319b3f9461d5f8fc919d04765253f8ced120d8b164c7547d0
Opcode Fuzzy Hash: 47d5e379aea0d8ab258e806fb954a6188a8d6659fc40954be13ad667f80f4970
Instruction Fuzzy Hash: CB510BB1E40609AFDF18CF69DD89AAEBBB5EB48314F548129F915E7290DB709E00CB50

Function 00A98BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5

DestroyWindow.USER32(?), ref: 00A98C81
KillTimer.USER32(00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00AD6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000), ref: 00AD69D4
DeleteObject.GDI32(00000000), ref: 00AD69E6

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: f5d99702383586dc0b2d38cf412655252e0d1eface4a0d8f24f4f8e370c0e7f1
Instruction ID: 6c60d689c445ade85e7134414f39a42944cb0a1b1f540366b48f7682c044a54b
Opcode Fuzzy Hash: f5d99702383586dc0b2d38cf412655252e0d1eface4a0d8f24f4f8e370c0e7f1
Instruction Fuzzy Hash: 8D619A30602700DFDF219F18CA58B697BF1FB46312F548959E0829B6A0CB79AD81CF90

Function 00A99838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

GetSysColor.USER32(0000000F), ref: 00A99862

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 101e05584f6b205a4c3ad175a04856a0d889b6aeaeb54599c760456482cc6164
Instruction ID: 539ddf47f6e2c974e04df7e6327e66dbfc7c64883ce9805506ca2e5259be129c
Opcode Fuzzy Hash: 101e05584f6b205a4c3ad175a04856a0d889b6aeaeb54599c760456482cc6164
Instruction Fuzzy Hash: 3841A131244640BFDF205F3C9C88BBA3BA5AB06331F54861DF9A2972E1EB319C42DB11

Function 00AE96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00AE9717
LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9720

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00AE9742
LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00AE9866

Strings

^ ERROR, xrefs: 00AE97FB
%s (%d) : ==> %s: %s %s, xrefs: 00AE984A
Error: , xrefs: 00AE981D
Line %d:, xrefs: 00AE97A0
Line %d (File "%s"):, xrefs: 00AE978F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 902412c40225de4f6ee1dedda4c6050ebe8e316be5edf67290bdc9f967518346
Instruction ID: c7b6dea2fd2338b1b61f43260b7bd6d4015ab5e09d1a22b80faa0b87c131cb28
Opcode Fuzzy Hash: 902412c40225de4f6ee1dedda4c6050ebe8e316be5edf67290bdc9f967518346
Instruction Fuzzy Hash: 8B413972900209AADF04FBE1CE86EEFB778EF15740F540065F605760A2EB256F49CBA1

Function 00AE06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00AE07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00AE07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00AE07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00AE0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00AE082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE083C

Strings

\IPC$, xrefs: 00AE0784
SOFTWARE\Classes\, xrefs: 00AE070E
\CLSID, xrefs: 00AE0724

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: c37257b2ad16f5fce27d5824d843287fbd3a9e003b08f160003282fcda22bb69
Instruction ID: 3eb0a83ea9400bda350efba4d293edcc320c589497ce2b3a82468510c888287b
Opcode Fuzzy Hash: c37257b2ad16f5fce27d5824d843287fbd3a9e003b08f160003282fcda22bb69
Instruction Fuzzy Hash: D8413672C10229ABDF21EFA4DC85DEEB7B8FF14340F444129E901A71A1EB709E44CBA0

Function 00B13F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B1403B
CreateCompatibleDC.GDI32(00000000), ref: 00B14042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B14055
SelectObject.GDI32(00000000,00000000), ref: 00B1405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00B14068
DeleteDC.GDI32(00000000), ref: 00B14072
GetWindowLongW.USER32(?,000000EC), ref: 00B1407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00B14092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00B1409E

Strings

static, xrefs: 00B13FD3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 7992d29e18439bc08681610df50d7fd32c46211edf13494552cb53d3c285f175
Instruction ID: d833afd53b70fa8674016b2fe2162acc53c83ab21a6eb48fae0a17409fdfb599
Opcode Fuzzy Hash: 7992d29e18439bc08681610df50d7fd32c46211edf13494552cb53d3c285f175
Instruction Fuzzy Hash: 41317A32540219BBDF219FA4CC09FDA3FA9FF0D720F514250FA18A60A0CB75D860DB50

Function 00B03C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B03C5C
CoInitialize.OLE32(00000000), ref: 00B03C8A
CoUninitialize.OLE32 ref: 00B03C94
_wcslen.LIBCMT ref: 00B03D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00B03DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00B03ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B03F0E
CoGetObject.OLE32(?,00000000,00B1FB98,?), ref: 00B03F2D
SetErrorMode.KERNEL32(00000000), ref: 00B03F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B03FC4
VariantClear.OLEAUT32(?), ref: 00B03FD8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 0e8e7a36c8a90c11b85345ea7fe026d581accc1de5e3e71c1f1e8b7b2d461b58
Instruction ID: 6a4f36ba264e1f9c9be5fad0d5758878501e333d280804aac711621c67f7a423
Opcode Fuzzy Hash: 0e8e7a36c8a90c11b85345ea7fe026d581accc1de5e3e71c1f1e8b7b2d461b58
Instruction Fuzzy Hash: B2C158716083019FD700DF68C98896BBBE9FF89B44F14499DF98A9B290DB31ED05CB52

Function 00AF7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00AF7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AF7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00AF7BA3
CoCreateInstance.OLE32(00B1FD08,00000000,00000001,00B46E6C,?), ref: 00AF7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AF7C74
CoTaskMemFree.OLE32(?,?), ref: 00AF7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00AF7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AF7D7A
CoTaskMemFree.OLE32(00000000), ref: 00AF7D81
CoTaskMemFree.OLE32(00000000), ref: 00AF7DD6
CoUninitialize.OLE32 ref: 00AF7DDC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: a4d32f28cb8a0f61375d5859ab1c92edbffe96cf5a89c97cdc8185e07368ac07
Instruction ID: 2d1002ffbb8d72a92cb3f8b6c57bfb1cfafa060b6261ff331a64f90359242507
Opcode Fuzzy Hash: a4d32f28cb8a0f61375d5859ab1c92edbffe96cf5a89c97cdc8185e07368ac07
Instruction Fuzzy Hash: 13C11975A04109AFCB14DFA4C884DAEBBF9FF49304B148499F91A9B361DB30EE45CB90

Function 00B1541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B15504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B15515
CharNextW.USER32(00000158), ref: 00B15544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B15585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B1559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B155AC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 6f712d179ee1abbb77e4474f2ee6a2326de9cebd4f196f2f0f3ec02da869527b
Instruction ID: da4fb2cf9f83562637600dad741cbe5de6e2624434fb342e5726de11f71b1358
Opcode Fuzzy Hash: 6f712d179ee1abbb77e4474f2ee6a2326de9cebd4f196f2f0f3ec02da869527b
Instruction Fuzzy Hash: F8619170900608EFDF209F54CC85AFE7BF9EB89761F908185F525AB294D7709AC0DB61

Function 00ADFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00ADFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00ADFB08
VariantInit.OLEAUT32(?), ref: 00ADFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00ADFB3A
VariantCopy.OLEAUT32(?,?), ref: 00ADFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00ADFBA1
VariantClear.OLEAUT32(?), ref: 00ADFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00ADFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBCC
VariantClear.OLEAUT32(?), ref: 00ADFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBE9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 8aa1c35b41f1135fb6433f372d5fbca1d2acb6b1b32033bdbe6e60eff54fd41b
Instruction ID: 8d95a49ff1063c929d5641cdb6cdfee287d59a64fa78c88bf2d4d549f308acd6
Opcode Fuzzy Hash: 8aa1c35b41f1135fb6433f372d5fbca1d2acb6b1b32033bdbe6e60eff54fd41b
Instruction Fuzzy Hash: A3414135A042199FDB00DFA8D8549EEBFB9EF48354F50806AE947A7361DB30A945CFA0

Function 00AE9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AE9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00AE9D22
GetKeyState.USER32(000000A0), ref: 00AE9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00AE9D57
GetKeyState.USER32(000000A1), ref: 00AE9D6C
GetAsyncKeyState.USER32(00000011), ref: 00AE9D84
GetKeyState.USER32(00000011), ref: 00AE9D96
GetAsyncKeyState.USER32(00000012), ref: 00AE9DAE
GetKeyState.USER32(00000012), ref: 00AE9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00AE9DD8
GetKeyState.USER32(0000005B), ref: 00AE9DEA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 5e742045dd96577b84df19f1196685d5c7a05340071868b9ef249b99f8440573
Instruction ID: 9987e9ac32632df8c290c9ab8fcac1c0f25c81a407ab97b18b03bbf02c41affc
Opcode Fuzzy Hash: 5e742045dd96577b84df19f1196685d5c7a05340071868b9ef249b99f8440573
Instruction Fuzzy Hash: FB41F7345047DA6DFF30976288443F7BEE16F21344F48805ADAC6575C2EBA4A9C8C7A2

Function 00B0055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00B005BC
inet_addr.WSOCK32(?), ref: 00B0061C
gethostbyname.WSOCK32(?), ref: 00B00628
IcmpCreateFile.IPHLPAPI ref: 00B00636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00B007B9
WSACleanup.WSOCK32 ref: 00B007BF

Strings

Ping, xrefs: 00B00676

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: b4ee58295a0ebe47b1d9d45d36edebec8869662b78a0d637c4b516082e8562f9
Instruction ID: 2a299c2353ae6b5b01f84c9f5b8eef6348d41af5dbb1fee34eafe5e847eb4c1f
Opcode Fuzzy Hash: b4ee58295a0ebe47b1d9d45d36edebec8869662b78a0d637c4b516082e8562f9
Instruction Fuzzy Hash: DB91A0356182019FD720EF15C988F1ABFE0EF45318F1485A9F46A9B6A2CB34ED45CF91

Function 00B08CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00B08CF3

Part of subcall function 00AE8E54: _wcslen.LIBCMT ref: 00AE8E77

_wcslen.LIBCMT ref: 00B08D4E
_wcslen.LIBCMT ref: 00B08D9C
_wcslen.LIBCMT ref: 00B08DDC
_wcslen.LIBCMT ref: 00B08E6E

Strings

winapi, xrefs: 00B08D96, 00B08D9B
none, xrefs: 00B08E65, 00B08E6A
cdecl, xrefs: 00B08D48, 00B08D4D
stdcall, xrefs: 00B08DD6, 00B08DDB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: bf6b9ee75be8aa36bed365100ec6fa7cbfa9bbd63af8f9f39ddcdd7ffb73c4dd
Instruction ID: ee20b571c686cdb141eca6c226e26c7d3dbf46cb454085f4f37c3da10f453971
Opcode Fuzzy Hash: bf6b9ee75be8aa36bed365100ec6fa7cbfa9bbd63af8f9f39ddcdd7ffb73c4dd
Instruction Fuzzy Hash: FF519131A005169BCF14DF68C9808BEBBE6FF65720B2542A9E4A6E72C4DF30DE40C790

Function 00B0372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00B03774
CoUninitialize.OLE32 ref: 00B0377F
CoCreateInstance.OLE32(?,00000000,00000017,00B1FB78,?), ref: 00B037D9
IIDFromString.OLE32(?,?), ref: 00B0384C
VariantInit.OLEAUT32(?), ref: 00B038E4
VariantClear.OLEAUT32(?), ref: 00B03936

Strings

NULL Pointer assignment, xrefs: 00B0381E
Invalid parameter, xrefs: 00B03865
Failed to create object, xrefs: 00B037E4, 00B0389A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 17b67178a7c4cacbbd825bfca415490ae1baedd4b2865dc00bd6480dc062ed3c
Instruction ID: 16f6cb9824d35892059359dffaf7be1fe66f59d7066c2357df68145bc61ead4f
Opcode Fuzzy Hash: 17b67178a7c4cacbbd825bfca415490ae1baedd4b2865dc00bd6480dc062ed3c
Instruction Fuzzy Hash: 9A61A370608301AFD711DF54C989F6ABBE8FF49B14F104989F5859B291D770EE48CB92

Function 00AF3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AF33CF

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AF33F0

Strings

"%s" (%d) : ==> %s:, xrefs: 00AF3522
"%s" (%d) : ==> %s:%s%s, xrefs: 00AF3504
Incorrect parameters to object property !, xrefs: 00AF34AB
Error: , xrefs: 00AF34D1
Line %d (File "%s"):, xrefs: 00AF3443, 00AF345C
^ ERROR , xrefs: 00AF349E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 2fbfbd7c9bbccf3fe2a09d264571932432549a7327d87583e63422e0c9664fca
Instruction ID: 27c2ce8c49ae04d51a130435cea58fc9a74b5ccf3d86866e7b54d2f47fc53918
Opcode Fuzzy Hash: 2fbfbd7c9bbccf3fe2a09d264571932432549a7327d87583e63422e0c9664fca
Instruction Fuzzy Hash: 35517B72900209BADF14EBE0CE56EFEB7B8EF14740F1444A5F505720A2EB252F58DB61

Function 00AEB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00AEB5FC
_wcslen.LIBCMT ref: 00AEB608
_wcslen.LIBCMT ref: 00AEB64D
_wcslen.LIBCMT ref: 00AEB68C
_wcslen.LIBCMT ref: 00AEB6C7

Strings

KEYS, xrefs: 00AEB647, 00AEB64C
EXISTS, xrefs: 00AEB686, 00AEB68B
APPEND, xrefs: 00AEB6C1, 00AEB6C6
REMOVE, xrefs: 00AEB602, 00AEB607

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
Instruction ID: a90fc1e335291cb91617f49d451905cbdd16effe949481fd3373ec8da7075f0a
Opcode Fuzzy Hash: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
Instruction Fuzzy Hash: 45411832A100679BCB206F7ECD945BFB7B5AFA1754B244529E421DB284F731CD81C7A0

Function 00AF5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AF5416
GetLastError.KERNEL32 ref: 00AF5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00AF54A7

Strings

READONLY, xrefs: 00AF5452
INVALID, xrefs: 00AF5459
UNKNOWN, xrefs: 00AF5444
READY, xrefs: 00AF5460, 00AF5468
NOTREADY, xrefs: 00AF544B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
Instruction ID: ae4787d808a1d06cfa7c8952798de3f12869e3b763ebb2d51b64e76e767133e7
Opcode Fuzzy Hash: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
Instruction Fuzzy Hash: 71319F75E006099FD710DFA8C584ABABBB5EF05306F148069F605DB292DB31DE82CBA1

Function 00B13C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00B13C79
SetMenu.USER32(?,00000000), ref: 00B13C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13D10
IsMenu.USER32(?), ref: 00B13D24
CreatePopupMenu.USER32 ref: 00B13D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13D5B
DrawMenuBar.USER32 ref: 00B13D63

Strings

F, xrefs: 00B13D4E
0, xrefs: 00B13C54

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
Instruction ID: 43c85edb0cf309fa80f3b2f06c1e6fcd30ede949e45ebd8ea01b73fcf1ae2b72
Opcode Fuzzy Hash: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
Instruction Fuzzy Hash: 15418A74A01209EFDB14CF64E885BEA7BF6FF49304F544068E91697360EB30AA10CB90

Function 00AE1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00AE1F64
GetDlgCtrlID.USER32 ref: 00AE1F6F
GetParent.USER32 ref: 00AE1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1F8E
GetDlgCtrlID.USER32(?), ref: 00AE1F97
GetParent.USER32(?), ref: 00AE1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1FAE

Strings

ListBox, xrefs: 00AE1F21
ComboBox, xrefs: 00AE1EEC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
Instruction ID: 2680076f29887799beb794f608d82be819ed3d655fff18587d135c222fadddcd
Opcode Fuzzy Hash: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
Instruction Fuzzy Hash: D321D171940214BFCF04AFA1CC85DFEBBB8EF05310F104156F961A72A1DB359918DBA0

Function 00AE1FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00AE2043
GetDlgCtrlID.USER32 ref: 00AE204E
GetParent.USER32 ref: 00AE206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE206D
GetDlgCtrlID.USER32(?), ref: 00AE2076
GetParent.USER32(?), ref: 00AE208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE208D

Strings

ListBox, xrefs: 00AE2002
ComboBox, xrefs: 00AE1FCD

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
Instruction ID: 8f448849d15e069677618622a396f8f0813c16945f7ce7b376eca1d17046d5cd
Opcode Fuzzy Hash: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
Instruction Fuzzy Hash: D921F3B1940218BFCF11AFA1CC85EFEBFB8EF09300F104045F951A71A1DA758918DB60

Function 00B13A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B13A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B13AA0
GetWindowLongW.USER32(?,000000F0), ref: 00B13AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B13AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B13B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B13BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B13BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B13BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B13BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B13C13

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
Instruction ID: bd7e74062b76cdc4631d6d3226109617229da247a9d91b2760b126f3cb2e3884
Opcode Fuzzy Hash: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
Instruction Fuzzy Hash: F3615B75900248AFDB10DFA8CC81FEE77F8EB09714F104199FA15A72A1D774AE85DB50

Function 00AEB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AEB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB165
GetWindowThreadProcessId.USER32(00000000), ref: 00AEB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB21D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
Instruction ID: 87f2008ab10391ec8a6df669d8b0f644966dbc8399be626fb4a394ee4e968b6c
Opcode Fuzzy Hash: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
Instruction Fuzzy Hash: A331BB75560344BFDB129F25DC58BAF7BA9BF517A2F648008FA00D72A0DBB49A408F74

Function 00AB2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB2C94

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00AB2CA0
_free.LIBCMT ref: 00AB2CAB
_free.LIBCMT ref: 00AB2CB6
_free.LIBCMT ref: 00AB2CC1
_free.LIBCMT ref: 00AB2CCC
_free.LIBCMT ref: 00AB2CD7
_free.LIBCMT ref: 00AB2CE2
_free.LIBCMT ref: 00AB2CED
_free.LIBCMT ref: 00AB2CFB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
Instruction ID: b81bf8882f4cef83c85d38486ea20b9c05f3509535c971f7694da3c79e112ea6
Opcode Fuzzy Hash: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
Instruction Fuzzy Hash: 5F114676510108BFCB02EF54DA42EDD3BA9FF45350F5149A6F9485B222DA31EE509B90

Function 00AF7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF7FC1
GetFileAttributesW.KERNEL32(?), ref: 00AF7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00AF8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF80B0

Strings

*.*, xrefs: 00AF8066

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 40f605e9f8f7c712e84caa7bcfd3ac2b86eeb4b7d01e8f1156fa11f3f871c8d9
Instruction ID: 285d4c5ac6ff0f111153e589cebee56ef2d021db9216dafebb9d64201b558946
Opcode Fuzzy Hash: 40f605e9f8f7c712e84caa7bcfd3ac2b86eeb4b7d01e8f1156fa11f3f871c8d9
Instruction Fuzzy Hash: B381CE725082099BCB20EF94C844ABEB3E8BF89314F54485FFA85C7250EB34DD49CB92

Function 00A85BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00A85C7A

Part of subcall function 00A85D0A: GetClientRect.USER32(?,?), ref: 00A85D30
Part of subcall function 00A85D0A: GetWindowRect.USER32(?,?), ref: 00A85D71
Part of subcall function 00A85D0A: ScreenToClient.USER32(?,?), ref: 00A85D99

GetDC.USER32 ref: 00AC46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00AC4708
SelectObject.GDI32(00000000,00000000), ref: 00AC4716
SelectObject.GDI32(00000000,00000000), ref: 00AC472B
ReleaseDC.USER32(?,00000000), ref: 00AC4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00AC47C4

Strings

U, xrefs: 00AC4693

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 7890387852bffeeadd7d036b0d8a5ef72f19ac7c63af7b25a7925bf70e7eea7b
Instruction ID: 13f08f46055dc75eed670ad275f763c1a09d3136d6ad81cf6c0b6d8bdcdb4f53
Opcode Fuzzy Hash: 7890387852bffeeadd7d036b0d8a5ef72f19ac7c63af7b25a7925bf70e7eea7b
Instruction Fuzzy Hash: C971DC31800205DFCF219F64C994FEA3BB6FF4A324F154269ED565A2AAC7308C81DF60

Function 00AF359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00AF35E4

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

LoadStringW.USER32(00B52390,?,00000FFF,?), ref: 00AF360A

Strings

"%s" (%d) : ==> %s:, xrefs: 00AF3742
"%s" (%d) : ==> %s:%s%s, xrefs: 00AF3724
^ ERROR, xrefs: 00AF36C9
Error: , xrefs: 00AF36EF
Line %d (File "%s"):, xrefs: 00AF366B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: acc6c48e15b0991f5d0e2614210d702044dafb0720462982bbd3143f8b2793b6
Instruction ID: 84998b5e2b64ab291253d393d1bac4436199644691224083246456a3e6341f3b
Opcode Fuzzy Hash: acc6c48e15b0991f5d0e2614210d702044dafb0720462982bbd3143f8b2793b6
Instruction Fuzzy Hash: B951387280020ABADF14FBE0CE46AFEBB78AF14300F144165F205761A1EB311B99DBA1

Function 00AFC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC2CA
GetLastError.KERNEL32 ref: 00AFC322
SetEvent.KERNEL32(?), ref: 00AFC336
InternetCloseHandle.WININET(00000000), ref: 00AFC341

Strings

, xrefs: 00AFC2BB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 817b8518391de8d6a81c01b252dd06a9636dd0eecf247cb6c50f8da75494aecf
Instruction ID: c2984343db4b57b7bd34ad1e1904b6bcd2d1f6370b55649710f32be0caf9e040
Opcode Fuzzy Hash: 817b8518391de8d6a81c01b252dd06a9636dd0eecf247cb6c50f8da75494aecf
Instruction Fuzzy Hash: 7F31937150020CAFD7219FA68E88ABBBBFCEB49794B54851DF546D7240DB30DD049B61

Function 00AE989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00AC3AAF,?,?,Bad directive syntax error,00B1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00AE98BC
LoadStringW.USER32(00000000,?,00AC3AAF,?), ref: 00AE98C3

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AE9987

Strings

%s (%d) : ==> %s.: %s %s, xrefs: 00AE98F1
., xrefs: 00AE996D
Line %d:, xrefs: 00AE9912
Line %d (File "%s"):, xrefs: 00AE992D
Error: , xrefs: 00AE9955

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 754de4a4dd8abfe1333d11cc85e447843b4edc78aa61020dc29dc7f96eb94bb4
Instruction ID: cf4f4caf865f645f178607cad1308c1e5c5ba48297445d9e3c25b394652a0afa
Opcode Fuzzy Hash: 754de4a4dd8abfe1333d11cc85e447843b4edc78aa61020dc29dc7f96eb94bb4
Instruction Fuzzy Hash: 21218B3294021AAFCF15AF90CD0AEFE7779FF19700F044469F515660A2EB719A28EB51

Function 00AE209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00AE20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00AE20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00AE214D

Strings

list, xrefs: 00AE212F
largeicons, xrefs: 00AE20E1
details, xrefs: 00AE20FB
SHELLDLL_DefView, xrefs: 00AE20CC
smallicons, xrefs: 00AE2115

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: e67ceb04e60e382137b78e1bc46428a8eaccfdc828a2a9e5334a1d75a5e2f12e
Instruction ID: 76d1f888f6869c703dc9fbd2690cc86011fe220cde5411045954be26e72063ef
Opcode Fuzzy Hash: e67ceb04e60e382137b78e1bc46428a8eaccfdc828a2a9e5334a1d75a5e2f12e
Instruction Fuzzy Hash: C2112C766C4706BAF6116721DC07EE637DCCB05364B200256F704A60F2FFB15A016714

Function 00AB8D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c424790cac348a14454be649df833163f6625fa79526c29771ca227f02e36df
Instruction ID: 90b35a5ce29e0745b5f6dc5bf96f849258c754789f70bf6f0acfe4fce8e70d69
Opcode Fuzzy Hash: 9c424790cac348a14454be649df833163f6625fa79526c29771ca227f02e36df
Instruction Fuzzy Hash: A8C1D174A04349AFDF11EFACD841BEEBBB8AF1A310F144199E915A7393CB349941CB61

Function 00ABCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00ABCEB7
_free.LIBCMT ref: 00ABCF22
_free.LIBCMT ref: 00ABCF48
_free.LIBCMT ref: 00ABCF71
_free.LIBCMT ref: 00ABCFA9
_free.LIBCMT ref: 00ABCFDA
_free.LIBCMT ref: 00ABD01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00ABD09C
_free.LIBCMT ref: 00ABD0B5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 3ae3fd786cd6cf7ba34043d25e798cc79f80eb836d4538e5dd32bb1960bc00da
Instruction ID: 8c195e4fad89231056323bafd89f5aaacf40ce8ebdb3e697cd28dd00d3648680
Opcode Fuzzy Hash: 3ae3fd786cd6cf7ba34043d25e798cc79f80eb836d4538e5dd32bb1960bc00da
Instruction Fuzzy Hash: FD610571A04301AFDB25BFB89981FFA7BADEF05320F0445AEF94597283EA319D019790

Function 00B150D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00B15186
ShowWindow.USER32(?,00000000), ref: 00B151C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00B151CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00B151D1

Part of subcall function 00B16FBA: DeleteObject.GDI32(00000000), ref: 00B16FE6

GetWindowLongW.USER32(?,000000F0), ref: 00B1520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B1521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00B1524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00B15287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00B15296

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 5e4cdc0bfacffb8856b69b6ed50ac4eb7edfd87bc02472576d4e4265747785e1
Instruction ID: 8728193f9f9ba54eaa7f485167b4150f3b8dac4d296c9425819cdaef599fa8d3
Opcode Fuzzy Hash: 5e4cdc0bfacffb8856b69b6ed50ac4eb7edfd87bc02472576d4e4265747785e1
Instruction Fuzzy Hash: 2251B431A90A08FEEF319F24CC45BD93BE5EB86321F948195F515A72E0C7B599D0DB80

Function 00A98B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00AD6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00AD68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00AD68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00AD68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00AD68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00AD691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD692D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 817be64d3d35708523f4b2567fc6c69cafd0b6eccdc767da8523757f17115ae0
Instruction ID: 8b24ee6fecc4e9434bbe67f7e7a7ad94c9ae6b4f09a76907502cc34aaf6e1c32
Opcode Fuzzy Hash: 817be64d3d35708523f4b2567fc6c69cafd0b6eccdc767da8523757f17115ae0
Instruction Fuzzy Hash: A0517470600209AFDF20CF28CC95BAE7BF6EB58760F144519F906972A0DB74E990DB50

Function 00AFC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC182
GetLastError.KERNEL32 ref: 00AFC195
SetEvent.KERNEL32(?), ref: 00AFC1A9

Part of subcall function 00AFC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
Part of subcall function 00AFC253: GetLastError.KERNEL32 ref: 00AFC322
Part of subcall function 00AFC253: SetEvent.KERNEL32(?), ref: 00AFC336
Part of subcall function 00AFC253: InternetCloseHandle.WININET(00000000), ref: 00AFC341

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: b49c422d4fa8061d4339af2a7e13a22f0c841eca0c225d697623c1bc5313d636
Instruction ID: d5032df0d4e663be10b6b1a22542a5a292e5ad89ae8b14db57c24a8f2395088b
Opcode Fuzzy Hash: b49c422d4fa8061d4339af2a7e13a22f0c841eca0c225d697623c1bc5313d636
Instruction Fuzzy Hash: F9318D7114060DAFDB21AFE6DE44AF6BBF8FF18320B00851DFA5683611DB30E9149BA0

Function 00AE25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00AE25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00AE25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00AE2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00AE2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00AE2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00AE2627

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: f85cefd9f3f26655ddf71319ed4e28de45a02c2b0cf5df08dc183b4cad3094f0
Instruction ID: a165cd63ec9510f17e5e4d2cf27826669df9d6746bf2e8aba2f04be89137d2ad
Opcode Fuzzy Hash: f85cefd9f3f26655ddf71319ed4e28de45a02c2b0cf5df08dc183b4cad3094f0
Instruction Fuzzy Hash: D001D4313D0354BBFB1067699C8EF993F99DB4EB52F604011F318AF0D5CDE224448A69

Function 00AE1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00AE1449,?,?,00000000), ref: 00AE180C
HeapAlloc.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1828
GetCurrentProcess.KERNEL32(?,00000000,?,00AE1449,?,?,00000000), ref: 00AE1830
DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1843
GetCurrentProcess.KERNEL32(00AE1449,00000000,?,00AE1449,?,?,00000000), ref: 00AE184B
DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE184E
CreateThread.KERNEL32(00000000,00000000,00AE1874,00000000,00000000,00000000), ref: 00AE1868

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 6ea89ef34c2a53c2314a838de8d95348326a0c57da3546bf38bbf7956cafc706
Instruction ID: 605e8968f4f7f7fadcfeb4a6a7389ca6b35c393ad60edc59d3c484314930b441
Opcode Fuzzy Hash: 6ea89ef34c2a53c2314a838de8d95348326a0c57da3546bf38bbf7956cafc706
Instruction Fuzzy Hash: D501BFB52C0344BFE710AB65DC4DF977FACEB89B11F508411FA05DB191CA709810CB20

Function 00B0A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00AED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
Part of subcall function 00AED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
Part of subcall function 00AED4DC: CloseHandle.KERNEL32(00000000), ref: 00AED5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A16D
GetLastError.KERNEL32 ref: 00B0A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00B0A268
GetLastError.KERNEL32(00000000), ref: 00B0A273
CloseHandle.KERNEL32(00000000), ref: 00B0A2C4

Strings

SeDebugPrivilege, xrefs: 00B0A18F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: cbaf2eac452bcc4a39b905c2e307caa5075e92c8cc77a028f02cf956aecd113d
Instruction ID: c6e9c73e9b9b8445aafd6d10074f7e9e783c2db2fcd412b4f3c1b846419e135e
Opcode Fuzzy Hash: cbaf2eac452bcc4a39b905c2e307caa5075e92c8cc77a028f02cf956aecd113d
Instruction Fuzzy Hash: 81616A30204342AFE720DF19C594F16BBE1AF54318F54889CE4668B6A3CB72ED49CB92

Function 00B13886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B13925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B1393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B13954
_wcslen.LIBCMT ref: 00B13999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00B139C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B139F4

Strings

SysListView32, xrefs: 00B138F7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: d1789386db441fcf889065c141258ef34a3aafc26127b3370eb0862ee0fa74c9
Instruction ID: 0ca923eeb6146bb31e5fa3705616ec77a841181a60ff88a38c0d6fe665e046cf
Opcode Fuzzy Hash: d1789386db441fcf889065c141258ef34a3aafc26127b3370eb0862ee0fa74c9
Instruction Fuzzy Hash: 6941C431A00218ABEF219F64CC45FEA7BE9EF08750F500566F959E7281E7719E80CB90

Function 00AEBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEBCFD
IsMenu.USER32(00000000), ref: 00AEBD1D
CreatePopupMenu.USER32 ref: 00AEBD53
GetMenuItemCount.USER32(01696710), ref: 00AEBDA4
InsertMenuItemW.USER32(01696710,?,00000001,00000030), ref: 00AEBDCC

Strings

2, xrefs: 00AEBD37
0, xrefs: 00AEBCA8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 38e84baeb3ff4f7e475dc65e6af821107e88c9151232d626889f6753f2fe8978
Instruction ID: 0bbdb9e15fe1df37dfc9136a7a0886d2fcbb256ec644c70a7e0a61cca36f8f8a
Opcode Fuzzy Hash: 38e84baeb3ff4f7e475dc65e6af821107e88c9151232d626889f6753f2fe8978
Instruction Fuzzy Hash: CE519C70A102899BDF20CFAADDC8BAFBBF9AF55314F248229E411D7291D7709941CB71

Function 00AEC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00AEC913

Strings

stop, xrefs: 00AEC8E4
question, xrefs: 00AEC8CC
warning, xrefs: 00AEC8FC
info, xrefs: 00AEC8B4
blank, xrefs: 00AEC895

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: f094d8ad83e019ac2dd21fe353c605cd1ed63c468d9c801c3ab1a9251c2c9fac
Instruction ID: e9ea3da781bcf42dfab73aab87d442adde9d37f858d1ed34d91da4132a09d3ca
Opcode Fuzzy Hash: f094d8ad83e019ac2dd21fe353c605cd1ed63c468d9c801c3ab1a9251c2c9fac
Instruction Fuzzy Hash: F5112C32689346BAE7019B55DD83CEE77ECDF16374B60006AF900A72D3E7B45E016269

Function 00AEDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00AEDE42
gethostname.WSOCK32(?,00000100), ref: 00AEDE5C
gethostbyname.WSOCK32(?), ref: 00AEDE69
inet_ntoa.WSOCK32(?), ref: 00AEDEAB
_strcat.LIBCMT ref: 00AEDEB9
WSACleanup.WSOCK32 ref: 00AEDEDE

Strings

0.0.0.0, xrefs: 00AEDE87

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: dddbe30444d2514a735d0b6fcad27718d63c5c62860ec423a80e0e7fd59f0121
Instruction ID: c342bbfbc3919013d245e5d08d1b4309a1c8c9e38a5b16d4849cd6d84185a3d6
Opcode Fuzzy Hash: dddbe30444d2514a735d0b6fcad27718d63c5c62860ec423a80e0e7fd59f0121
Instruction Fuzzy Hash: 0811D371904215AFCB20AB61DD4AEEF7BBCDF56711F0001A9F545EB0D1EFB18E818AA0

Function 00B19F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetSystemMetrics.USER32(0000000F), ref: 00B19FC7
GetSystemMetrics.USER32(0000000F), ref: 00B19FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B1A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B1A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B1A263
ShowWindow.USER32(00000003,00000000), ref: 00B1A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00B1A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00B1A2CA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 283a1de3c9da73ee6ae14ca0fffb4911aa75b8fa884640890be8bc6b67f0eac5
Instruction ID: 557a9be006253e1ceb831bfa6da6a7099ac61fd0020efa2140779c4fbde84fa8
Opcode Fuzzy Hash: 283a1de3c9da73ee6ae14ca0fffb4911aa75b8fa884640890be8bc6b67f0eac5
Instruction Fuzzy Hash: 36B1B731601215EBCF14CF68C9857EE7BF2FF48701F5880A9EC49AB295DB31A980CB91

Function 00AEED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00AEED2A
_wcslen.LIBCMT ref: 00AEED3B
_wcslen.LIBCMT ref: 00AEED79
_wcslen.LIBCMT ref: 00AEEDAF
_wcslen.LIBCMT ref: 00AEEDDF
_wcslen.LIBCMT ref: 00AEEDEF
_wcslen.LIBCMT ref: 00AEEE2B
_wcslen.LIBCMT ref: 00AEEE5A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: b5729f8759112dcf4c64d9f938e3adf026942de542abcde844c992d712b5b36b
Instruction ID: a92afc3b3ddc2db6d58a36d4efdbc4d7af36c1a384196ebea148f2d7b586efa7
Opcode Fuzzy Hash: b5729f8759112dcf4c64d9f938e3adf026942de542abcde844c992d712b5b36b
Instruction Fuzzy Hash: C241B265C10258B6DB11EBF5CC8AACFB7ACAF46310F508462F518E3161FB34E255C7A5

Function 00A9F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00A9F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF454

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 31fea9b5cb9831b3a10c7b703678aa0b312a6129384cbcc38afa92b41ef5fada
Instruction ID: 89beb3174bdbe663bad00a75c7a4601b4b1429d39857e2da9e993c3597ed6fa5
Opcode Fuzzy Hash: 31fea9b5cb9831b3a10c7b703678aa0b312a6129384cbcc38afa92b41ef5fada
Instruction Fuzzy Hash: D741F831718680BECF399B2DCD8876B7FE2AB56314F54843DE497D7660CA71A880CB11

Function 00B12D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B12D1B
GetDC.USER32(00000000), ref: 00B12D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B12D2E
ReleaseDC.USER32(00000000,00000000), ref: 00B12D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B12D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B12D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B12DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B12DE1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 8b58bb1c28b99336d496936f5065bda119660b7bdde84234f4b81686f183adba
Instruction ID: 4ea0c0e766f9ff87952661941d78c4f005ec3ebd9c9a632aa1ee4943a8821dc1
Opcode Fuzzy Hash: 8b58bb1c28b99336d496936f5065bda119660b7bdde84234f4b81686f183adba
Instruction Fuzzy Hash: F0316B72241214BFEB158F50DC8AFEB3FA9EB09715F4480A5FE089B291CA759C50CBA4

Function 00AE5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00AE5637
_memcmp.LIBVCRUNTIME ref: 00AE5659
_memcmp.LIBVCRUNTIME ref: 00AE5671
_memcmp.LIBVCRUNTIME ref: 00AE5684
_memcmp.LIBVCRUNTIME ref: 00AE569E
_memcmp.LIBVCRUNTIME ref: 00AE56B1
_memcmp.LIBVCRUNTIME ref: 00AE56C9
_memcmp.LIBVCRUNTIME ref: 00AE56E4

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 2a82d3c0362c2cfee96e1c051ecbbb9b3cf9dcc925cdd04d78b967983ac98a36
Instruction ID: c4249a8884e0308e8c64560a4b23ec1d0b8d76208525fd85b31c9377fd0275c9
Opcode Fuzzy Hash: 2a82d3c0362c2cfee96e1c051ecbbb9b3cf9dcc925cdd04d78b967983ac98a36
Instruction Fuzzy Hash: 7B219871E409457796149A326E92FFB33ACAE11388F580020FD045F5C1F761ED50C1F5

Function 00B04FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00B0502E, 00B05383
Not an Object type, xrefs: 00B05007

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 1ef8327a3305c29b19722276bb3a27c0cbfc1c36b4a77d9bd8ff0c39ee8a01c7
Instruction ID: 70cafdfd61bc3f623b0edaa95ca9333e16721f6d1ebc5b91e48326115c868b65
Opcode Fuzzy Hash: 1ef8327a3305c29b19722276bb3a27c0cbfc1c36b4a77d9bd8ff0c39ee8a01c7
Instruction Fuzzy Hash: BFD17D75A0060A9FDF20CF98C881AAEBBF5FF48344F1484A9E915AB691E770DD45CF90

Function 00AC1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00AC15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00AC1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00AC16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00AC16FB

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00AC1777
__freea.LIBCMT ref: 00AC17A2
__freea.LIBCMT ref: 00AC17AE

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 1ae1371ac1f310c2194e0c5de66d62454a6f9198de54e8a769ee33d5e9bc7106
Instruction ID: 6ffaa93b93273f3a45bb86edc5de0d70dc46750a9a48aa35e5d07896af5be96e
Opcode Fuzzy Hash: 1ae1371ac1f310c2194e0c5de66d62454a6f9198de54e8a769ee33d5e9bc7106
Instruction Fuzzy Hash: 23919272F0021A9ADF208F64C991FEE7BB5AF4A710F1A465DE801E7242DB35DD41CBA0

Function 00B04523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B04648
VariantInit.OLEAUT32(?), ref: 00B04749
VariantClear.OLEAUT32(?), ref: 00B04753
VariantClear.OLEAUT32(?), ref: 00B047B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00B045D8, 00B04706, 00B047BE
Incorrect Object type in FOR..IN loop, xrefs: 00B0472C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 21e4ecfd7dc24634b6f76d1e2b3be1d2fc30b4fc5389e2e4aafd1fd908884011
Instruction ID: e924d1cfdfd3667b2cecfe3025e582b8c767575d4673d534f7b8e892b0b56f69
Opcode Fuzzy Hash: 21e4ecfd7dc24634b6f76d1e2b3be1d2fc30b4fc5389e2e4aafd1fd908884011
Instruction Fuzzy Hash: 4B9171B1A00215ABDF20CFA5D884FAE7BF8EF46714F108599F615AB281D7709D45CFA0

Function 00AF1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00AF125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AF1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00AF12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF1430

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 034d2239e80d2831b745c60463b99156eba8eac40b1350fc0cadf87c68a84408
Instruction ID: 2b8016729c61b2b6cd2ae7ae0f9c5a8b58c9c77f86a96d8ad3d7fc6309ad911b
Opcode Fuzzy Hash: 034d2239e80d2831b745c60463b99156eba8eac40b1350fc0cadf87c68a84408
Instruction Fuzzy Hash: 3A919B75A00219EFDB009FE8C884BBEB7B5FF45325F108029FA51EB291D774A941CB90

Function 00A9948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
Instruction ID: 05adddf305d93eb692145fb58f4191380a02fe1da68225f99a2aa5e782af5267
Opcode Fuzzy Hash: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
Instruction Fuzzy Hash: B7912571A40219AFCF15CFA9C888AEFBBB8FF49320F14805AE515B7251D774AA41CB60

Function 00B03947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B0396B
CharUpperBuffW.USER32(?,?), ref: 00B03A7A
_wcslen.LIBCMT ref: 00B03A8A
VariantClear.OLEAUT32(?), ref: 00B03C1F

Part of subcall function 00AF0CDF: VariantInit.OLEAUT32(00000000), ref: 00AF0D1F
Part of subcall function 00AF0CDF: VariantCopy.OLEAUT32(?,?), ref: 00AF0D28
Part of subcall function 00AF0CDF: VariantClear.OLEAUT32(?), ref: 00AF0D34

Strings

Incorrect Parameter format, xrefs: 00B039A6, 00B03BA1
AUTOIT.ERROR, xrefs: 00B03A80, 00B03A85

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
Instruction ID: ffd7055cab0d4932fa257945345eba5d30f400fc0d4f122fbaf54107ae8a8fe8
Opcode Fuzzy Hash: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
Instruction Fuzzy Hash: 6C916D756083059FC704EF24C58496ABBE8FF89714F14886DF48A97391DB30EE45CB92

Function 00B04BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00AE000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
Part of subcall function 00AE000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
Part of subcall function 00AE000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
Part of subcall function 00AE000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B04C51
_wcslen.LIBCMT ref: 00B04D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B04DCF
CoTaskMemFree.OLE32(?), ref: 00B04DDA

Strings

NULL Pointer assignment, xrefs: 00B04E23, 00B04E52

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
Instruction ID: c089354ce97d44ef83dda7543df6dcda61e58c972502c2e73f3831b6964c32f5
Opcode Fuzzy Hash: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
Instruction Fuzzy Hash: 1E9108B1D002199FDF14EFA4D891AEEBBB8FF08310F1085AAE515A7291DB709E44CF60

Function 00B120FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00B12183
GetMenuItemCount.USER32(00000000), ref: 00B121B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B121DD
_wcslen.LIBCMT ref: 00B12213
GetMenuItemID.USER32(?,?), ref: 00B1224D
GetSubMenu.USER32(?,?), ref: 00B1225B

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B122E3

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 485a61a2275c3f8f287c7c4bf8b3335a46f53fef894ccf9a28e6001fb97ae194
Instruction ID: 428a61531886a0d090a21dd661f797baf87ab8c82afc2ff2e61a53cda697754b
Opcode Fuzzy Hash: 485a61a2275c3f8f287c7c4bf8b3335a46f53fef894ccf9a28e6001fb97ae194
Instruction Fuzzy Hash: E6718E75A00205AFCB14EF64C985AEEBBF5EF48310F548499E916EB341DB34ED918B90

Function 00B17E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01696788), ref: 00B17F37
IsWindowEnabled.USER32(01696788), ref: 00B17F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B1801E
SendMessageW.USER32(01696788,000000B0,?,?), ref: 00B18051
IsDlgButtonChecked.USER32(?,?), ref: 00B18089
GetWindowLongW.USER32(01696788,000000EC), ref: 00B180AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B180C3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
Instruction ID: a1a2a3acbe649f9ca54a9358354fcd4493c7c5a70f833c317597be6049a95809
Opcode Fuzzy Hash: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
Instruction Fuzzy Hash: 76718C75688244AFEB219F64C884FEB7BF5FF09300F944499E94597261CF31AC86CB50

Function 00AEAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00AEAEF9
GetKeyboardState.USER32(?), ref: 00AEAF0E
SetKeyboardState.USER32(?), ref: 00AEAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00AEAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00AEAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00AEAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AEB020

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
Instruction ID: 3dbdad5f087ea29f9fa104131b5a580390b5cf2aaf67f49517f0515b1fcd7677
Opcode Fuzzy Hash: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
Instruction Fuzzy Hash: 2C51D0A06147D53DFB36833A8C49BBBBEE95B06304F088489E1D9468C2C798FCC8D761

Function 00AEACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00AEAD19
GetKeyboardState.USER32(?), ref: 00AEAD2E
SetKeyboardState.USER32(?), ref: 00AEAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AEADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AEADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AEAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AEAE38

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
Instruction ID: fb12c8d31b1959c96cba565b666ca97158e4b4c7c0d193f33b8faa075e596704
Opcode Fuzzy Hash: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
Instruction Fuzzy Hash: 185107A16047E53DFB3383368C95BBABEA95F56300F088488E1D9468C3D794FC88D762

Function 00AB542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00AC3CD6,?,?,?,?,?,?,?,?,00AB5BA3,?,?,00AC3CD6,?,?), ref: 00AB5470
__fassign.LIBCMT ref: 00AB54EB
__fassign.LIBCMT ref: 00AB5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00AC3CD6,00000005,00000000,00000000), ref: 00AB552C
WriteFile.KERNEL32(?,00AC3CD6,00000000,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB554B
WriteFile.KERNEL32(?,?,00000001,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB5584

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
Instruction ID: f066c3551422a2f8f85cb259e97f9cba160f0bd7057ff639023a0b1fbe1ce307
Opcode Fuzzy Hash: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
Instruction Fuzzy Hash: A751BF71E00649AFDB20CFA8D885BEEBBF9EF09301F14415AE955E7292D7309A51CB60

Function 00AA2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00AA2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00AA2D53
_ValidateLocalCookies.LIBCMT ref: 00AA2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00AA2E0C
_ValidateLocalCookies.LIBCMT ref: 00AA2E61

Strings

csm, xrefs: 00AA2DF6

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
Instruction ID: a27f7aecd0757d635e92c0fd1b71d632f79d56c5594d406691bf2b13e19bd828
Opcode Fuzzy Hash: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
Instruction Fuzzy Hash: 7B419134A01209ABCF10DF6CC845BAEBBB5BF46324F148155E8146B3E2DB35EE65CB90

Function 00B010B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B01112
WSAGetLastError.WSOCK32 ref: 00B01121
WSAGetLastError.WSOCK32 ref: 00B011C9
closesocket.WSOCK32(00000000), ref: 00B011F9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
Instruction ID: 1f199bc151f6ded3ae336795f167eccd753475120e141b9509c1d88307ea698d
Opcode Fuzzy Hash: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
Instruction Fuzzy Hash: 5241D431600204AFDB189F18C885BAABFE9FF45364F148499F916AB2D1CB70ED41CBE1

Function 00AECF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16

lstrcmpiW.KERNEL32(?,?), ref: 00AECF45
MoveFileW.KERNEL32(?,?), ref: 00AECF7F
_wcslen.LIBCMT ref: 00AED005
_wcslen.LIBCMT ref: 00AED01B
SHFileOperationW.SHELL32(?), ref: 00AED061

Strings

\*.*, xrefs: 00AECFF3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
Instruction ID: 630c379226dab82280476a5adb9bb0ed34fa9da337709ac16b8dd744e3fdd157
Opcode Fuzzy Hash: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
Instruction Fuzzy Hash: D04166719452585FDF12EFA5CA81ADEB7B9AF08380F0000E6E505EB142EB34AB89CB50

Function 00B12DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B12E1C
GetWindowLongW.USER32(?,000000F0), ref: 00B12E4F
GetWindowLongW.USER32(?,000000F0), ref: 00B12E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B12EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B12EE0
GetWindowLongW.USER32(?,000000F0), ref: 00B12EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B12F0B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
Instruction ID: 77902a1c814d46a161814715da69112ae71d8bc077161537370991ef7349f97a
Opcode Fuzzy Hash: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
Instruction Fuzzy Hash: A8311232644250AFEB21CF58DC85FA53BE1FB9A711F9541A4F9108F2B2CB71ACA1DB41

Function 00AE7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE778F
SysAllocString.OLEAUT32(00000000), ref: 00AE7792
SysAllocString.OLEAUT32(?), ref: 00AE77B0
SysFreeString.OLEAUT32(?), ref: 00AE77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00AE77DE
SysAllocString.OLEAUT32(?), ref: 00AE77EC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 35ba9e41d4fcb80e283c9e32e80c1c689aa3c3967eb6f4f9a673306ce70a7588
Instruction ID: 84bb08ac18b8dc18ce65f7d0c89e6bfbd3949054e2b3476f448f9838ec28f384
Opcode Fuzzy Hash: 35ba9e41d4fcb80e283c9e32e80c1c689aa3c3967eb6f4f9a673306ce70a7588
Instruction Fuzzy Hash: 1D219076608219AFDF10DFA9CC88CFF77ACEB097647448025FA15DB250DA70DC428764

Function 00AE77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7868
SysAllocString.OLEAUT32(00000000), ref: 00AE786B
SysAllocString.OLEAUT32 ref: 00AE788C
SysFreeString.OLEAUT32 ref: 00AE7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00AE78AF
SysAllocString.OLEAUT32(?), ref: 00AE78BD

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 9a8a64ae4f524b9746d338c73b62f54546c05dc074707a9bd2dd8df83a1bf81c
Instruction ID: eb428820d84f8d62cfa07c556135f6b935c922cd7f65c13209f9166b80628179
Opcode Fuzzy Hash: 9a8a64ae4f524b9746d338c73b62f54546c05dc074707a9bd2dd8df83a1bf81c
Instruction Fuzzy Hash: 4821AF76608214AFEF10AFA9DC88DAE77ECEB193607508125F915CB2A1DA70DC81CB64

Function 00AF04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00AF04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF052E

Strings

nul, xrefs: 00AF0567

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
Instruction ID: cf5a795d7368619755e09b2de4a500693898e33b10ff1d0b08a81421ad8ad00d
Opcode Fuzzy Hash: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
Instruction Fuzzy Hash: BA216075500309ABDF209FA9DC44EAA7BB4AF44764F208A19FAA1D72E1D7B0D940CF60

Function 00AF05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF0601

Strings

nul, xrefs: 00AF0639

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
Instruction ID: 9c3ea0ed3394fa2f867e2547f34b14bcc45af6e81a789f9dda77291a1a07a7e7
Opcode Fuzzy Hash: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
Instruction Fuzzy Hash: 2321A6755003199BDB208FA88C04EAA7BE4AF95760F204B19FAA1E72D1DBF09960CB50

Function 00B140AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B14112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B1411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B1412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B14139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B14145

Strings

Msctls_Progress32, xrefs: 00B140E3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
Instruction ID: b15544229e22a3b1cf830a8621630e5c4b61ace8272b9ee0962aa6c5693e0d84
Opcode Fuzzy Hash: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
Instruction Fuzzy Hash: CB11B2B2140219BEEF119F64CC85EE77FADEF09798F008110BB18A6050CB729C61DBA4

Function 00ABD7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ABD7A3: _free.LIBCMT ref: 00ABD7CC

_free.LIBCMT ref: 00ABD82D

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABD838
_free.LIBCMT ref: 00ABD843
_free.LIBCMT ref: 00ABD897
_free.LIBCMT ref: 00ABD8A2
_free.LIBCMT ref: 00ABD8AD
_free.LIBCMT ref: 00ABD8B8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 7627fd8b8bcd8941fe5ba718860ee3779f140c146e87d6a7afa717973869af4d
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 75111971940B44BBDA21BFB0CE47FCB7BDCAF44700F404C26B29DAA493EA65B5458760

Function 00AEDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00AEDA74
LoadStringW.USER32(00000000), ref: 00AEDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AEDA91
LoadStringW.USER32(00000000), ref: 00AEDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AEDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00AEDAB9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: dd6d765ffd23e42e18eeb817ebee24edf15613813ed4c132a0b94322fc60e90c
Instruction ID: 2e4d3e51758aa231a855a3f2bf5cdcbf1c297741e10022ec7a318b1867509af5
Opcode Fuzzy Hash: dd6d765ffd23e42e18eeb817ebee24edf15613813ed4c132a0b94322fc60e90c
Instruction Fuzzy Hash: E50186F6540208BFEB509BA09D89EE7377CE708701F8044A1B706E7041EA749E844F74

Function 00AF096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0168F088,0168F088), ref: 00AF097B
EnterCriticalSection.KERNEL32(0168F068,00000000), ref: 00AF098D
TerminateThread.KERNEL32(?,000001F6), ref: 00AF099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00AF09A9
CloseHandle.KERNEL32(?), ref: 00AF09B8
InterlockedExchange.KERNEL32(0168F088,000001F6), ref: 00AF09C8
LeaveCriticalSection.KERNEL32(0168F068), ref: 00AF09CF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: d4bda4307dfd8225ac81e3488e2a2616df72073150d6d2584b05e4b350e12ae9
Instruction ID: 361feb85cf4f31612c2f9905d5574ac0df9effc2aa8d9a28d04e8e07098a81bf
Opcode Fuzzy Hash: d4bda4307dfd8225ac81e3488e2a2616df72073150d6d2584b05e4b350e12ae9
Instruction Fuzzy Hash: 05F01D31482612BBD7515B94EE88AE67E35BF01702F905015F201518A1DB749465CF90

Function 00A85D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00A85D30
GetWindowRect.USER32(?,?), ref: 00A85D71
ScreenToClient.USER32(?,?), ref: 00A85D99
GetClientRect.USER32(?,?), ref: 00A85ED7
GetWindowRect.USER32(?,?), ref: 00A85EF8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4c233fb6629d74862b0a701bd72164863af2e2690482cc56f11ed31ca63cde6b
Instruction ID: a296f5ab2ebc63c359e720453230cc4568dea249bef8ae05a6ff688dd7ebf28f
Opcode Fuzzy Hash: 4c233fb6629d74862b0a701bd72164863af2e2690482cc56f11ed31ca63cde6b
Instruction Fuzzy Hash: DEB15835A00A4ADBDB14DFB9C880BEAB7F1FF58310F14841AECA9D7250DB34AA51DB54

Function 00AB01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00AB00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB00D6
__allrem.LIBCMT ref: 00AB00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB010B
__allrem.LIBCMT ref: 00AB0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB0140

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: c40d3176f160e4d1aa8a065752494190d0be2c4929efa6c321be3b223aa06877
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 0A81C472A007069FE728AB68DD41FAB73EDAF42364F24462EF551D76C2E7B0D9008790

Function 00B01D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B03149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00B0101C,00000000,?,?,00000000), ref: 00B03195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B01DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B01DE1
WSAGetLastError.WSOCK32 ref: 00B01DF2
inet_ntoa.WSOCK32(?), ref: 00B01E8C
htons.WSOCK32(?,?,?,?,?), ref: 00B01EDB
_strlen.LIBCMT ref: 00B01F35

Part of subcall function 00AE39E8: _strlen.LIBCMT ref: 00AE39F2

Part of subcall function 00A86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00A9CF58,?,?,?), ref: 00A86DBA
Part of subcall function 00A86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00A9CF58,?,?,?), ref: 00A86DED

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: da20ed25ecfd6ff241e7311274eed46393249ab6cef891c4a483100f201ecbae
Instruction ID: 71880350eff5d1d0e6000fe77fb18ffa9a74f4a01d51babe0b216f5851ef9706
Opcode Fuzzy Hash: da20ed25ecfd6ff241e7311274eed46393249ab6cef891c4a483100f201ecbae
Instruction Fuzzy Hash: B0A1E031204341AFD728EF28C895E2A7BE5EF85318F54899CF4565B2E2DB31ED42CB91

Function 00AB61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00AA82D9,00AA82D9,?,?,?,00AB644F,00000001,00000001,8BE85006), ref: 00AB6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00AB644F,00000001,00000001,8BE85006,?,?,?), ref: 00AB62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00AB63D8
__freea.LIBCMT ref: 00AB63E5

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

__freea.LIBCMT ref: 00AB63EE
__freea.LIBCMT ref: 00AB6413

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: a36dfd9f7c267c8a35026dabae8843c3ff91ac0ef5b1734827786e8a4b91b463
Instruction ID: e15b9b5736a8dc993ab518367dae161aa0cbe93eefd0493466eb608c9497cf49
Opcode Fuzzy Hash: a36dfd9f7c267c8a35026dabae8843c3ff91ac0ef5b1734827786e8a4b91b463
Instruction Fuzzy Hash: E551BF72A00216ABEB258F64DD81EEF7BADEB44750F154629FC05DB142EB38DC54C6A0

Function 00B0BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BD25
RegCloseKey.ADVAPI32(00000000), ref: 00B0BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B0BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0BDF3
RegCloseKey.ADVAPI32(?), ref: 00B0BDFF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: f618e1341612f9d9de25ac77afb7b7f9a1b7036680dca3f642829a14b3fde604
Instruction ID: bfef971cf8a59749b392cbe099a489505d3302fa8fdf688503875b14c8b6dfa4
Opcode Fuzzy Hash: f618e1341612f9d9de25ac77afb7b7f9a1b7036680dca3f642829a14b3fde604
Instruction Fuzzy Hash: 1481C430208241EFD714DF24C885E6ABBE5FF84308F1489ACF4598B2A2DB31ED45CB92

Function 00ADF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00ADF7B9
SysAllocString.OLEAUT32(00000001), ref: 00ADF860
VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF889
VariantClear.OLEAUT32(00ADFA64), ref: 00ADF8AD
VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF8B1
VariantClear.OLEAUT32(?), ref: 00ADF8BB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
Instruction ID: b8c84c0dbe44eaee2a14ef51fd4ab6fa1c41c7981546c64fbed2b833c6b4f750
Opcode Fuzzy Hash: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
Instruction Fuzzy Hash: DE51C231A50310BECF24AB65D8A5B3AB3E8EF45710B248467E907DF391DB708D40CBA6

Function 00AF910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00AF94E5
_wcslen.LIBCMT ref: 00AF9506
_wcslen.LIBCMT ref: 00AF952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00AF9585

Strings

X, xrefs: 00AF9412

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: f6ca1be2485bba6bf626cf0aa3408f529fb8cad35d2d8c3453c547c294d7a379
Instruction ID: 1ab59cdafdf72a0c5e6b07afcb10d17dc82c285870e0fc96e0b1b5a3dffb7b48
Opcode Fuzzy Hash: f6ca1be2485bba6bf626cf0aa3408f529fb8cad35d2d8c3453c547c294d7a379
Instruction Fuzzy Hash: 12E1BE716083018FD724EF64C981B6BB7E4BF85314F04896DF9999B2A2DB31ED05CB92

Function 00A9920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

BeginPaint.USER32(?,?,?), ref: 00A99241
GetWindowRect.USER32(?,?), ref: 00A992A5
ScreenToClient.USER32(?,?), ref: 00A992C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A992D3
EndPaint.USER32(?,?,?,?,?), ref: 00A99321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00AD71EA

Part of subcall function 00A99339: BeginPath.GDI32(00000000), ref: 00A99357

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
Instruction ID: 0aaae6c153c77d77c89dd1fac1154679ba30404478267c87f6536bedd8b11ca5
Opcode Fuzzy Hash: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
Instruction Fuzzy Hash: 9D418E70204300AFDB21DF28C885FAB7BF8EB56321F14066DF9558B2B1DB719846DB61

Function 00AF07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00AF080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00AF0847
EnterCriticalSection.KERNEL32(?), ref: 00AF0863
LeaveCriticalSection.KERNEL32(?), ref: 00AF08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00AF08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF0921

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 1a0f7c64df1e41d85a852338bca244240f2ed4cb8d2f2f611691b018554d9656
Instruction ID: 6423b650f4bdd81d1de55846323c92d5b5a7fdb15cd712697b960d6420d9cf20
Opcode Fuzzy Hash: 1a0f7c64df1e41d85a852338bca244240f2ed4cb8d2f2f611691b018554d9656
Instruction Fuzzy Hash: 2B415971A00209AFDF14AF94DC85AAA77B8FF04310F1480A5ED00AB297DB30DE64DBA4

Function 00B181DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00ADF3AB,00000000,?,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00B1824C
EnableWindow.USER32(?,00000000), ref: 00B18272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B182D1
ShowWindow.USER32(?,00000004), ref: 00B182E5
EnableWindow.USER32(?,00000001), ref: 00B1830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B1832F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
Instruction ID: c2c1a99d1786e1c9f2797adc249fbbc96541d1c84396b6f178d6509a1695d069
Opcode Fuzzy Hash: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
Instruction Fuzzy Hash: 8A41B234601644EFDB22CF18D899BE47BE0FB4A715F5841E9F5184B2A2CB71AC81CF90

Function 00AE4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00AE4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00AE4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00AE4CEA
_wcslen.LIBCMT ref: 00AE4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00AE4D10
_wcsstr.LIBVCRUNTIME ref: 00AE4D1A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 5b59c9af64a9ce9d97ab3e0e7b81af8d400303ee24b38ad3cc75d61e384f66c2
Instruction ID: 28eadf9c1aa6a141ad4e89bddae15ed639b47a8997e4fa5e9467c5744639a5ae
Opcode Fuzzy Hash: 5b59c9af64a9ce9d97ab3e0e7b81af8d400303ee24b38ad3cc75d61e384f66c2
Instruction Fuzzy Hash: C921C9716042447FEB155B3A9D49E7B7FACDF49750F108029F805CB191DE65DC4196A0

Function 00AF581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

_wcslen.LIBCMT ref: 00AF587B
CoInitialize.OLE32(00000000), ref: 00AF5995
CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF59AE
CoUninitialize.OLE32 ref: 00AF59CC

Strings

.lnk, xrefs: 00AF5876, 00AF58C1, 00AF5985

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
Instruction ID: d425a1a16560f935cb02dae4504f06f652ac21328d55d758e547e0223683ff4c
Opcode Fuzzy Hash: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
Instruction Fuzzy Hash: 9CD17471A087059FC718EF64C58492ABBE1FF89710F14885DFA8A9B361DB31EC45CB92

Function 00AE175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
Part of subcall function 00AE0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
Part of subcall function 00AE0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
Part of subcall function 00AE0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002

GetLengthSid.ADVAPI32(?,00000000,00AE1335), ref: 00AE17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00AE17BA
HeapAlloc.KERNEL32(00000000), ref: 00AE17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00AE17DA
GetProcessHeap.KERNEL32(00000000,00000000,00AE1335), ref: 00AE17EE
HeapFree.KERNEL32(00000000), ref: 00AE17F5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
Instruction ID: c3ba629bd7b4458a00da76b2ff7d42c035f21ca432366961c7feffd39e327245
Opcode Fuzzy Hash: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
Instruction Fuzzy Hash: 51118B32684215FFDB109FA5CC49FEE7BB9EB46755F608018F981A7210DB36A944CF60

Function 00AE14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00AE14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00AE1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00AE1515
CloseHandle.KERNEL32(00000004), ref: 00AE1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AE154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00AE1563

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
Instruction ID: 945887c71a6d70925096ce95ec89b4994816fffcb644aba296a4dd3df7d57272
Opcode Fuzzy Hash: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
Instruction Fuzzy Hash: 6F1129B2540259ABDF118F98ED49FDE7BB9EF48744F048015FA05A21A0C7758E60DB60

Function 00AA3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00AA3379,00AA2FE5), ref: 00AA3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AA339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AA33B7
SetLastError.KERNEL32(00000000,?,00AA3379,00AA2FE5), ref: 00AA3409

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 1ebd5adaa1846b87de893f44b898eb5016335ba632c02ba1b3ab8ebbe6cbdd2c
Instruction ID: 6c8d6fb14b0c67852ee7375bd3d4fadcdca05d0821f8ec4240137f9be1e236f0
Opcode Fuzzy Hash: 1ebd5adaa1846b87de893f44b898eb5016335ba632c02ba1b3ab8ebbe6cbdd2c
Instruction Fuzzy Hash: 1701473760E311BFAEA62B747D856672E94EB0B7793300229F4208B2F0EF114E015154

Function 00AB2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00AB5686,00AC3CD6,?,00000000,?,00AB5B6A,?,?,?,?,?,00AAE6D1,?,00B48A48), ref: 00AB2D78
_free.LIBCMT ref: 00AB2DAB
_free.LIBCMT ref: 00AB2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DEC
_abort.LIBCMT ref: 00AB2DF2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 6e9edf97d93757539281170bd7e729507c9dd3201178a7f9d6cd1acd5b1162c0
Instruction ID: fc5930b48c97609acc16879e1a26d36a835b27104895df6986ab3881421357a5
Opcode Fuzzy Hash: 6e9edf97d93757539281170bd7e729507c9dd3201178a7f9d6cd1acd5b1162c0
Instruction Fuzzy Hash: 32F0C83654560027D6123738BD0AFEA2B6DBFC67A1F24451AF824931D7EE3489014360

Function 00B18A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B18A4E
LineTo.GDI32(?,00000003,00000000), ref: 00B18A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B18A70
LineTo.GDI32(?,00000000,00000003), ref: 00B18A80
EndPath.GDI32(?), ref: 00B18A90
StrokePath.GDI32(?), ref: 00B18AA0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 2bbfb1e3c53164749ed2953778e1006540d263323ffda9cbb104f7d9253ebba0
Instruction ID: 84d33a33dad3f9b984e26e50338a38f40026862de4b134c3f8943c8ec6edfae0
Opcode Fuzzy Hash: 2bbfb1e3c53164749ed2953778e1006540d263323ffda9cbb104f7d9253ebba0
Instruction Fuzzy Hash: 3B11F776040108FFDB129F94DC88FEA7FACEB08350F40C462BA199A1A1CB719D55DBA0

Function 00AE51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00AE5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00AE5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AE5230
ReleaseDC.USER32(00000000,00000000), ref: 00AE5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00AE524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00AE5261

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 261d303609e92646e519b46b81605d9c0a9ed2c6f305f5d72ddbc819b889ee1d
Instruction ID: 8fa66d471bd509ebbdff77d62cd3610dad0281bd6ea62a542d527ecc60670c79
Opcode Fuzzy Hash: 261d303609e92646e519b46b81605d9c0a9ed2c6f305f5d72ddbc819b889ee1d
Instruction Fuzzy Hash: 85014475E40714BBEB105BB69C49A9EBF78EF48751F148065FA05E7281DA709900CB60

Function 00A81BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 580f707b4b934048841ed907b1f485c34641248c53dbebaa8d6ba2310df5f25b
Instruction ID: cbda5377ca47c1bfd8ac3a91766ede3dec1dcee5a3b9916193161a64f873b013
Opcode Fuzzy Hash: 580f707b4b934048841ed907b1f485c34641248c53dbebaa8d6ba2310df5f25b
Instruction Fuzzy Hash: 7D0167B0942B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5

Function 00AEEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AEEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AEEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00AEEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB75

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 6576059906f0f0cd4a84e9046b05536280f522b40756dfb6f9dca5dfb1630777
Instruction ID: b271a851385e8b2faa98fbd964a4a30fe020b89b791adaa439d2e83a19ea91bf
Opcode Fuzzy Hash: 6576059906f0f0cd4a84e9046b05536280f522b40756dfb6f9dca5dfb1630777
Instruction Fuzzy Hash: D1F03072680158BBE72157529C0DEEF3E7CEFCAB11F408158F611E3091DBA05A01C6B5

Function 00AD7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00AD7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00AD7469
GetWindowDC.USER32(?), ref: 00AD7475
GetPixel.GDI32(00000000,?,?), ref: 00AD7484
ReleaseDC.USER32(?,00000000), ref: 00AD7496
GetSysColor.USER32(00000005), ref: 00AD74B0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: b38f9855ba293a30a5336b2b6d546b377c80f7fefec4a9ef9b4d7cffc8320c97
Instruction ID: c057263c196369b13403357d72787c84363ecad1ca5dcfe7d57b0f11d230bd01
Opcode Fuzzy Hash: b38f9855ba293a30a5336b2b6d546b377c80f7fefec4a9ef9b4d7cffc8320c97
Instruction Fuzzy Hash: 3D015231440215EFEB525FA4DC09BEA7FB6FB04321FA080A4F916A31A0CF311E51AB10

Function 00AE1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AE187F
UnloadUserProfile.USERENV(?,?), ref: 00AE188B
CloseHandle.KERNEL32(?), ref: 00AE1894
CloseHandle.KERNEL32(?), ref: 00AE189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE18A5
HeapFree.KERNEL32(00000000), ref: 00AE18AC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: b4f788314fb77d54bc259720de87107d5748ad6600741d9f32dac8c3703c5ca4
Instruction ID: 4be6d73b956bb1e9806e65697dddec0260e8a4c621bf1fd74b49d0d4793515ed
Opcode Fuzzy Hash: b4f788314fb77d54bc259720de87107d5748ad6600741d9f32dac8c3703c5ca4
Instruction Fuzzy Hash: F3E0E536484211BBDB015FA1ED0C98ABF3AFF49B22B90C220F225920B0CF729430DF50

Function 00AEC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC6EE
_wcslen.LIBCMT ref: 00AEC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00AEC7CA

Strings

0, xrefs: 00AEC6AF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 80dca43d494263e4d75f397a3d7d84184777a87e3286de9d99864bf1f3cab5e7
Instruction ID: 660a953d7a0b320aadf56da785d76a41a008da4b58761126d6bbbcaa5a8bcb66
Opcode Fuzzy Hash: 80dca43d494263e4d75f397a3d7d84184777a87e3286de9d99864bf1f3cab5e7
Instruction Fuzzy Hash: C851D5716043809BD715EF2AC985B6BBBE8AF49324F040A2DF995D31E0DB70DD46CB52

Function 00B0AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00B0AEA3

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

GetProcessId.KERNEL32(00000000), ref: 00B0AF38
CloseHandle.KERNEL32(00000000), ref: 00B0AF67

Strings

@, xrefs: 00B0AE72
<, xrefs: 00B0AE6B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 125e05754528d6fcf7adc50c8c174afc1df8b0c7d4696e5a31d95004240bc361
Instruction ID: 56afc1410e5147de94487d5ee8ef4c2c17128ad85e3371ce3c7c858a4f086e82
Opcode Fuzzy Hash: 125e05754528d6fcf7adc50c8c174afc1df8b0c7d4696e5a31d95004240bc361
Instruction Fuzzy Hash: EC715971A00615DFCB14EF54C584A9EBBF0FF08314F1488A9E856AB7A2CB74ED45CBA1

Function 00AE719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00AE7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00AE723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00AE724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AE72CF

Strings

DllGetClassObject, xrefs: 00AE7242

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 9ec3080c5e5b77d83bb63d750cd83e654426c3683c04b362721175ac20281e82
Instruction ID: c3922e3cb985681aad3096665498e6778f6c3ab11f6f9bdc5fbf80c3b67838e8
Opcode Fuzzy Hash: 9ec3080c5e5b77d83bb63d750cd83e654426c3683c04b362721175ac20281e82
Instruction Fuzzy Hash: 46416D71A04245EFDB15CF55C884AEE7BB9EF45310F2480A9BE099F24AD7B1DE44CBA0

Function 00B13D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13E35
IsMenu.USER32(?), ref: 00B13E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13E92
DrawMenuBar.USER32 ref: 00B13EA5

Strings

0, xrefs: 00B13D89

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 61c9628eb7d476b52fbd754df7a1a3f5c9689485a9de5c05ff097c97d8a0fc2c
Instruction ID: 3d8acdc41e2394227b1372015beef4b777dc578685be406fa8b57af6e3a2fbd7
Opcode Fuzzy Hash: 61c9628eb7d476b52fbd754df7a1a3f5c9689485a9de5c05ff097c97d8a0fc2c
Instruction Fuzzy Hash: 13414A76A00309EFDB10DF54D884AEABBF9FF49750F4441A9E905A7290E730AE85CF60

Function 00AE1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00AE1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00AE1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00AE1EA9

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Strings

ListBox, xrefs: 00AE1E25
ComboBox, xrefs: 00AE1DF0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 3a9de5e3656bbe52bf3c3a41da3217f3d5bae648db8b8741f9fcb140e3cd2b15
Instruction ID: ddf55f4979181445febf193b3d9ba4a558a62e0427d5071bab85bddea01ddba0
Opcode Fuzzy Hash: 3a9de5e3656bbe52bf3c3a41da3217f3d5bae648db8b8741f9fcb140e3cd2b15
Instruction Fuzzy Hash: 76217871A40144BFDB14ABB6CD4ACFFBBB8EF41350B144519F821A31E1DB384E0A8720

Function 00B0C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B0C9F1
_wcslen.LIBCMT ref: 00B0CA68
_wcslen.LIBCMT ref: 00B0CA9E
_wcslen.LIBCMT ref: 00B0CAF9
_wcslen.LIBCMT ref: 00B0CB2F
_wcslen.LIBCMT ref: 00B0CB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 00B0CA62, 00B0CA67
HKLM, xrefs: 00B0CA98, 00B0CA9D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: bf6f51837b1ff7e3761d4d13aa3d1e32aab95ceea163c38b243305c82c85ca19
Instruction ID: 7ae5777d5208230e6749e9898bb4aa061b97bdc466cb0d0ab4c6995139a4066a
Opcode Fuzzy Hash: bf6f51837b1ff7e3761d4d13aa3d1e32aab95ceea163c38b243305c82c85ca19
Instruction Fuzzy Hash: 2931F733B0016A4BCB20DF6C89501BF3FD1DBA1790B1542A9E8556B2DDEB70CE44D3A0

Function 00B12F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B12F8D
LoadLibraryW.KERNEL32(?), ref: 00B12F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B12FA9
DestroyWindow.USER32(?), ref: 00B12FB1

Strings

SysAnimate32, xrefs: 00B12F68

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: f72ecb5bb3c94583cc91ce673ab36cef24a78f71b15a41fea925d61aa8ffe2a7
Instruction ID: a62f8c2378ad97cc13f2f64dee9748f72c69ca538c8d0d82ec1b363fe06f2523
Opcode Fuzzy Hash: f72ecb5bb3c94583cc91ce673ab36cef24a78f71b15a41fea925d61aa8ffe2a7
Instruction Fuzzy Hash: 46216A71204209ABEB104F64DC84EFB77F9EB59364F904658FA50D71A0D771DCA29760

Function 00AA4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002), ref: 00AA4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AA4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000), ref: 00AA4DC3

Strings

CorExitProcess, xrefs: 00AA4D98
mscoree.dll, xrefs: 00AA4D86

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: fc197995f3da20a1f803a7987253a4c56e285cfcc2e2fcab4076fb21c4b68aa7
Instruction ID: ae363e3fd7d1776cc4225d9d09a9a4993c8a094c497185fad772ec176909b36b
Opcode Fuzzy Hash: fc197995f3da20a1f803a7987253a4c56e285cfcc2e2fcab4076fb21c4b68aa7
Instruction Fuzzy Hash: 70F03C35A80218BBDB119F94DC49BEEBFA5EF49751F4040A4B809A32A0CF719E50CB90

Function 00ADD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00ADD3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00ADD3BF
FreeLibrary.KERNEL32(00000000), ref: 00ADD3E5

Strings

X64, xrefs: 00ADD2A8
GetSystemWow64DirectoryW, xrefs: 00ADD3B9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 1d3aeaf93421fbfebbf30a953d8abcb8fdc008619497b41d4c4a9b2ca64c658f
Instruction ID: 00ac5bcf8a6b975e3fa6ad3c1578dd68f903f9adb1895c06e5ea1ad3f4063d93
Opcode Fuzzy Hash: 1d3aeaf93421fbfebbf30a953d8abcb8fdc008619497b41d4c4a9b2ca64c658f
Instruction Fuzzy Hash: DCF055314C5A20ABD73017148C18EED7B70AF00702BA4C087F807FA318DF30CE808682

Function 00A84E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 00A84EA8
kernel32.dll, xrefs: 00A84E94

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 1a367b8077c281265af25e17abe02863e92dcfe061aec8b9d04cb172ab391529
Instruction ID: 03b7434c5cdd4181407a344d5b23d4ce28abeddab8d04186398b51f886fe1501
Opcode Fuzzy Hash: 1a367b8077c281265af25e17abe02863e92dcfe061aec8b9d04cb172ab391529
Instruction Fuzzy Hash: 92E0CD35A855236BD3312B256C18BDF6A94AF85F627454115FC04F3114DF64CD0141A0

Function 00A84E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87

Strings

kernel32.dll, xrefs: 00A84E5B
Wow64RevertWow64FsRedirection, xrefs: 00A84E6E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 1ef6c721cced8e3ec2ee4b20b2c810f8ec374ab6d6e020bf6cc5bc539804f888
Instruction ID: 3b20489445cc3f30b94d434c12b42f6d28f98ba7531ff156146d258488b92e85
Opcode Fuzzy Hash: 1ef6c721cced8e3ec2ee4b20b2c810f8ec374ab6d6e020bf6cc5bc539804f888
Instruction Fuzzy Hash: 1BD012355826226756222B256C18ECB6E58AF89F513454565F905F3124CF60CE2186D0

Function 00AF2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2C05
DeleteFileW.KERNEL32(?), ref: 00AF2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AF2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CC0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 28ee241a167218895055f9f533db8b56fea35b276748cccd3e4505568c40602e
Instruction ID: 777463fde0cdc58254c19feea553f5b1f66282cbc349eba5df0bec708d5f58fb
Opcode Fuzzy Hash: 28ee241a167218895055f9f533db8b56fea35b276748cccd3e4505568c40602e
Instruction Fuzzy Hash: 03B11C71D0011DABDF11EBE4CD85EEEBBBDEF49350F1040A6FA09A7191EB309A448B61

Function 00B0A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00B0A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B0A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B0A468
CloseHandle.KERNEL32(?), ref: 00B0A63D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: e41cd924810e932e462354c39ce61b9144555b9f187cb9526d9aefc5b92dd6fb
Instruction ID: 6740545734124a24a559615ceb5a9feff304adcd197dfbc20c04f007c715b5b4
Opcode Fuzzy Hash: e41cd924810e932e462354c39ce61b9144555b9f187cb9526d9aefc5b92dd6fb
Instruction Fuzzy Hash: C4A19071604300AFE720EF24D986F2ABBE5AF84714F14885DF55A9B3D2DB71EC418B92

Function 00AEE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

lstrcmpiW.KERNEL32(?,?), ref: 00AEE473
MoveFileW.KERNEL32(?,?), ref: 00AEE4AC
_wcslen.LIBCMT ref: 00AEE5EB
_wcslen.LIBCMT ref: 00AEE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00AEE650

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
Instruction ID: de06c2eb19446bfea6a7a9181b1722f4a6bd2ddcc23ef07ad9ea2a6257e9e7fa
Opcode Fuzzy Hash: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
Instruction Fuzzy Hash: 9F5184B24083859BC724EBA5DD819EFB3ECAF85340F00491EF589D3191EF75A68C8766

Function 00B0B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B0BB63
RegCloseKey.ADVAPI32(?,?), ref: 00B0BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00B0BBB3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
Instruction ID: 93e404fe81816cd3c5a98c9758be9507c0c2a2a515c94e3ac7f241104bc384d0
Opcode Fuzzy Hash: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
Instruction Fuzzy Hash: 4961AF31208241EFD714DF24C494E2ABBE5FF84308F54899DF49A8B2A2DB31ED45CB92

Function 00AE8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00AE8BCD
VariantClear.OLEAUT32 ref: 00AE8C3E
VariantClear.OLEAUT32 ref: 00AE8C9D
VariantClear.OLEAUT32(?), ref: 00AE8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AE8D3B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
Instruction ID: 2a62e9bb59bad4a7a9b58f7c504b4cb91ef708d4312242c51507de3f9a22b46c
Opcode Fuzzy Hash: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
Instruction Fuzzy Hash: 26518CB5A00219EFCB10CF59C894AAAB7F5FF89310B118559F909DB350E734E911CF90

Function 00AF8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AF8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00AF8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AF8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AF8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AF8C5F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 3c8be385c11a789a31ca20a7e2c69a17c5edfcebb06657975ac36427046783b2
Instruction ID: 85b0b36b29dbc306cdd12570d54f391fd2b8a8f47cad396897cb45ecd2d8a32e
Opcode Fuzzy Hash: 3c8be385c11a789a31ca20a7e2c69a17c5edfcebb06657975ac36427046783b2
Instruction Fuzzy Hash: 8A514C35A002199FCB05EF64C981E6DBBF5FF49314F088458E94AAB362DB35ED51CBA0

Function 00B08EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B08F40
GetProcAddress.KERNEL32(00000000,?), ref: 00B08FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00B08FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00B09032
FreeLibrary.KERNEL32(00000000), ref: 00B09052

Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00AF1043,?,753CE610), ref: 00A9F6E6
Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00ADFA64,00000000,00000000,?,?,00AF1043,?,753CE610,?,00ADFA64), ref: 00A9F70D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
Instruction ID: 462e5ac9dc48093d5ad9e7cd186fefb6bfc01131696cfe2d3ae22e2a6997c01f
Opcode Fuzzy Hash: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
Instruction Fuzzy Hash: 30513E35604205DFC715EF64C5948ADBFF1FF49314B0880A9E84AAB3A2DB31EE85CB91

Function 00B16B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B16C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00B16C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B16C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00AFAB79,00000000,00000000), ref: 00B16C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B16CC7

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
Instruction ID: e32fdaecfa1e3d0a2c549cc5c7590e1504b196778a0ff515192a2c72dafa1d9b
Opcode Fuzzy Hash: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
Instruction Fuzzy Hash: E241D435A04104AFD724CF28CC99FEA7FE5EB09350F9542A8F895A72E0D771AD81CA80

Function 00AB2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB20C3
_free.LIBCMT ref: 00AB20E3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
Instruction ID: 0e0716294fe24a09a67ce261fa2431c79917d66b3a784acd8ae7a07252fd72d9
Opcode Fuzzy Hash: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
Instruction Fuzzy Hash: A941D372A00200AFCB24DF78C981B9DB7F9EF89714F15456AE515EB396DB31AD01CB80

Function 00A9912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A99141
ScreenToClient.USER32(00000000,?), ref: 00A9915E
GetAsyncKeyState.USER32(00000001), ref: 00A99183
GetAsyncKeyState.USER32(00000002), ref: 00A9919D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
Instruction ID: 4836c946d6df03d26a5bb94cf34bf39c8524d3f578cda88aa508efb0cfaf3499
Opcode Fuzzy Hash: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
Instruction Fuzzy Hash: 90414F71A0851AFBDF199F68C844BEEB7B5FB05320F20831AF429A72E0D7305990CB91

Function 00AF3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00AF38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00AF3922
TranslateMessage.USER32(?), ref: 00AF394B
DispatchMessageW.USER32(?), ref: 00AF3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
Instruction ID: cb9eb31274cbb6fef1c34ba3b7246e09af8607833cc6378fe40ae862fd2fa509
Opcode Fuzzy Hash: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
Instruction Fuzzy Hash: 71311E7250434A9EEF35CBB4D8A8BB63BE8DB15341F04459DF662C3190E7F49A85CB11

Function 00AFCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00AFCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFF2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
Instruction ID: 5b709dfc957fbc4d7c34ab07e0da4f5fbbe16cb2c1fdc879a9204121187b1e71
Opcode Fuzzy Hash: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
Instruction Fuzzy Hash: 54314F7160430DAFDB20DFE6CA849BABBF9EB14364B10842EF616D3141DB30AE40DB60

Function 00AE1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00AE1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00AE19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00AE19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00AE19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00AE19E2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
Instruction ID: d789a68f0eed2b5f351014072024aef0e1938ef186b1bbfa7281cec5964bfa68
Opcode Fuzzy Hash: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
Instruction Fuzzy Hash: 9C31B471A00269EFCB04CFA9CD99ADE7BB5EB44315F108225F921A72D1C7709D54CB90

Function 00B15706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B15745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00B1579D
_wcslen.LIBCMT ref: 00B157AF
_wcslen.LIBCMT ref: 00B157BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
Instruction ID: a97766e1fbfe3f1bad3007c4c7a7bfeb4663ad3fdcf1ba95977bcf69f3b52584
Opcode Fuzzy Hash: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
Instruction Fuzzy Hash: EE218071904618DADB309F64CC85AEEBBB8EB85324F508296E929AB2C4D77099C5CF50

Function 00B00930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00B00951
GetForegroundWindow.USER32 ref: 00B00968
GetDC.USER32(00000000), ref: 00B009A4
GetPixel.GDI32(00000000,?,00000003), ref: 00B009B0
ReleaseDC.USER32(00000000,00000003), ref: 00B009E8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
Instruction ID: 6e8ea8a6a847f00cabeee0e35aa0d6dcf6991a29e057cc597bd81afae73b44c0
Opcode Fuzzy Hash: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
Instruction Fuzzy Hash: FF219075600204AFD704EF69D984AAEBBF9EF49700F04806CF94AE73A2CB70AD04CB50

Function 00ABCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00ABCDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ABCDE9

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00ABCE0F
_free.LIBCMT ref: 00ABCE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ABCE31

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
Instruction ID: 3eaa0d68974c7e756c7d314b79a04b5c5f0ff7f80a29480bdac3de7ffa9d2314
Opcode Fuzzy Hash: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
Instruction Fuzzy Hash: 4F018472601215BFA7211BB66C88DFB6E6DEEC6BB13154129F905DB202EE61CD0191B0

Function 00A99639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
SelectObject.GDI32(?,00000000), ref: 00A996A2
BeginPath.GDI32(?), ref: 00A996B9
SelectObject.GDI32(?,00000000), ref: 00A996E2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
Instruction ID: 59adc968cde40dea268567ddd64219d2c079fabb4b2bc9ceafe1156b6de5d7a4
Opcode Fuzzy Hash: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
Instruction Fuzzy Hash: 4F217F70902305FBDF119F6CEC087EA3BB9BB11356F50465AF511A71A0DBB05892CBA4

Function 00AE5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00AE5726
_memcmp.LIBVCRUNTIME ref: 00AE5744
_memcmp.LIBVCRUNTIME ref: 00AE5757
_memcmp.LIBVCRUNTIME ref: 00AE576F
_memcmp.LIBVCRUNTIME ref: 00AE5787

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
Instruction ID: a11453c039b6fbb4b989f382362dada0e7f7fd78b213e447bcc2e93a89c2377d
Opcode Fuzzy Hash: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
Instruction Fuzzy Hash: 88019671A45645FA96089622AE52FFB739CDB21398F404420FD04AF281F761ED60C2F0

Function 00A9990C Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A998CC
SetTextColor.GDI32(?,?), ref: 00A998D6
SetBkMode.GDI32(?,00000001), ref: 00A998E9
GetStockObject.GDI32(00000005), ref: 00A998F1
GetWindowLongW.USER32(?,000000EB), ref: 00A99952

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
Instruction ID: 11c7452de585697ac1dca59cbe677ca6e47f5e589b730769b18a0f3ec656a5cf
Opcode Fuzzy Hash: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
Instruction Fuzzy Hash: 79110632286250BFCF224F69EC59AEA3FA4EB13321B08815DF5929B1B1DA310851CB51

Function 00AB2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6), ref: 00AB2DFD
_free.LIBCMT ref: 00AB2E32
_free.LIBCMT ref: 00AB2E59
SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E66
SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E6F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: c4732cd7da352ac5b607d2688ca525d79bfb0bf673a9fad03ea068f7bf9a8e0d
Instruction ID: 35894d302398b84493de645329ef39f3fd855a18afdc696d5bf4970ff4919902
Opcode Fuzzy Hash: c4732cd7da352ac5b607d2688ca525d79bfb0bf673a9fad03ea068f7bf9a8e0d
Instruction Fuzzy Hash: 3F01F4362456006BCA1327366D45FEB2E7DBBD67A1B24442AF825A31D3EE34CC014320

Function 00AE000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0070

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
Instruction ID: f20db1bef8667e29c516852707c903b8e5389cbb580180434945a47bf55ecc38
Opcode Fuzzy Hash: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
Instruction Fuzzy Hash: 6C018B72640204BFDB109F6AEC44FAA7EADEB44792F148124F905D3210EBB1DD808BA0

Function 00AEE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00AEE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00AEE9A5
Sleep.KERNEL32(00000000), ref: 00AEE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00AEE9B7
Sleep.KERNEL32 ref: 00AEE9F3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
Instruction ID: 9978ca1550389634ed1fad4e8d9a2865eb5022575d19cfd641aa41f5d464bff0
Opcode Fuzzy Hash: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
Instruction Fuzzy Hash: 8B015731C41629EBCF00EBE6DC49AEDFBB8FB08700F404546E502B2242CF309660CBA1

Function 00AE10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
Instruction ID: 2bbc37d7a0953b9ec9a16f757ebf9183139287088e0b232f8f45a324179e90bd
Opcode Fuzzy Hash: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
Instruction Fuzzy Hash: 88018C79240315BFDB125FA5DC49EAA3F6EEF8A3A4B608418FA41D3360DF71DC108A60

Function 00AE0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
Instruction ID: 0599f8858e6bd5347f3068577427488947c367306394a18f483f199cae4ca098
Opcode Fuzzy Hash: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
Instruction Fuzzy Hash: D6F04F39180351BBD7214FA59C4DF963F6EEF89761F518414FA46D7291CE70DC508A60

Function 00AE1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
Instruction ID: 564541ce1ac2ac51411ab834aa1f08228160ff6cabc7d4de2e99bc39917d3ad9
Opcode Fuzzy Hash: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
Instruction Fuzzy Hash: 74F0CD39280311FBDB211FA5EC4CF963FAEEF89761FA14424FA05D7250CE30D8408A60

Function 00AF030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0324
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0331
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF033E
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF034B
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0358
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0365

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
Instruction ID: f3962c675dcbc38231aef31e14269b8b59f208155ebec106a536f0771987399d
Opcode Fuzzy Hash: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
Instruction Fuzzy Hash: 5A01A272800B199FC7309FA6D880822FBF5BF503153158A3FE29652932C771A954CF80

Function 00ABD73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00ABD752

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABD764
_free.LIBCMT ref: 00ABD776
_free.LIBCMT ref: 00ABD788
_free.LIBCMT ref: 00ABD79A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
Instruction ID: 20f656032480a47cf80a2ef982af7c4d2efd118698702652951830a41b47ff0f
Opcode Fuzzy Hash: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
Instruction Fuzzy Hash: 86F0F936545208BB8665EB68FAC6DDA7BDDBB85B10BA40C06F048E7503DF20FC808B64

Function 00AE5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00AE5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00AE5C6F
MessageBeep.USER32(00000000), ref: 00AE5C87
KillTimer.USER32(?,0000040A), ref: 00AE5CA3
EndDialog.USER32(?,00000001), ref: 00AE5CBD

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
Instruction ID: 35eb5401d913a36790158649032d779e4bf98ea1cbba9c16deb413e846fb6748
Opcode Fuzzy Hash: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
Instruction Fuzzy Hash: 1D018630940B44ABEB245B21ED5EFE67BB8BF44B09F505559A583A20E1DBF0A984CB90

Function 00AB22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB22BE

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00AB22D0
_free.LIBCMT ref: 00AB22E3
_free.LIBCMT ref: 00AB22F4
_free.LIBCMT ref: 00AB2305

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
Instruction ID: b7c7aaae89790982571653bfa834a917163902f45d34f81bec36f163914356ea
Opcode Fuzzy Hash: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
Instruction Fuzzy Hash: F3F0D075411310AB8652BF58BD01B983F69B76DB52B050E87F418D7272CF310551ABA5

Function 00A995C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00A995D4
StrokeAndFillPath.GDI32(?,?,00AD71F7,00000000,?,?,?), ref: 00A995F0
SelectObject.GDI32(?,00000000), ref: 00A99603
DeleteObject.GDI32 ref: 00A99616
StrokePath.GDI32(?), ref: 00A99631

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
Instruction ID: b5e9c7c09017a837f53f73ce343db84a60272f37f7cd810b4bb4348146307445
Opcode Fuzzy Hash: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
Instruction Fuzzy Hash: 91F0F630145304EBDB125F6DED1C7AA3FA1AB05322F448658E565960F1CF3089A6DF64

Function 00AB0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00AB10F9
__freea.LIBCMT ref: 00AB1117

Part of subcall function 00AB1537: _free.LIBCMT ref: 00AB154F

Strings

a/p, xrefs: 00AB11DE
am/pm, xrefs: 00AB117A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
Instruction ID: e4034135509b6f9786048d5b00188adbf8412ca66a444d5ddcace7d1e96a6233
Opcode Fuzzy Hash: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
Instruction Fuzzy Hash: A2D1E431900205DADB649F68C865BFEB7F9FF05300FA84269E5019F653E7759D80CB91

Function 00B07B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00AA0242: EnterCriticalSection.KERNEL32(00B5070C,00B51884,?,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA024D
Part of subcall function 00AA0242: LeaveCriticalSection.KERNEL32(00B5070C,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA028A

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9

__Init_thread_footer.LIBCMT ref: 00B07BFB

Part of subcall function 00AA01F8: EnterCriticalSection.KERNEL32(00B5070C,?,?,00A98747,00B52514), ref: 00AA0202
Part of subcall function 00AA01F8: LeaveCriticalSection.KERNEL32(00B5070C,?,00A98747,00B52514), ref: 00AA0235

Strings

5, xrefs: 00B07C78
Variable must be of type 'Object'., xrefs: 00B07C3A
G, xrefs: 00B07C7F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: db3d57c0307efd016ad9d581974cd5e01f570d105b878e50e58d737fc8e76103
Instruction ID: 1bc5020ea696218fdb24db6883e53b68234fb66ecc0808c30185cabd7b6b1ea4
Opcode Fuzzy Hash: db3d57c0307efd016ad9d581974cd5e01f570d105b878e50e58d737fc8e76103
Instruction Fuzzy Hash: B1919BB0A44209AFDB14EF94D9909AEBBF1FF45300F148199F8069B291DB71AE45CB91

Function 00AE2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21D0,?,?,00000034,00000800,?,00000034), ref: 00AEB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00AE2760

Part of subcall function 00AEB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00AEB3F8

Part of subcall function 00AEB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00AEB355
Part of subcall function 00AEB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB365
Part of subcall function 00AEB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE281A

Strings

@, xrefs: 00AE2832

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
Instruction ID: 5bf0e9eeb71c61454d5ed0347c20b5523b7bc21362d68c2290c67235c525883f
Opcode Fuzzy Hash: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
Instruction Fuzzy Hash: 92412C72900218AFDB10DFA5CD46BEEBBB8EF09700F108095FA55B7181DB706E45CBA1

Function 00AB172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00AB1769
_free.LIBCMT ref: 00AB1834
_free.LIBCMT ref: 00AB183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00AB1760, 00AB1767, 00AB1796, 00AB17CE

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
Instruction ID: 572627929f8a7f4d4da0b61099c63c3f7207513984cc4ba181db879b6bd95fc2
Opcode Fuzzy Hash: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
Instruction Fuzzy Hash: 1E316D71A40258AFDB21DF999995EDEBBFCEB85310F9441A6F804D7212DA708E80CB90

Function 00AEC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00AEC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00AEC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B51990,01696710), ref: 00AEC395

Strings

0, xrefs: 00AEC2DF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
Instruction ID: a77b9f7111cf031f37d61865d5dfa5127be0c1312d5f41c4037338b5286eb6b5
Opcode Fuzzy Hash: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
Instruction Fuzzy Hash: 6B4191712043829FD724DF26D885F5AFBE8AF85320F14861DF9A59B2D2D730E905CB62

Function 00B14416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B1CC08,00000000,?,?,?,?), ref: 00B144AA
GetWindowLongW.USER32 ref: 00B144C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B144D7

Strings

SysTreeView32, xrefs: 00B1447C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 51aa60eca69fdbe60b021d3f57c38c2c4945bdf8c4ffd53c01b2fddfbbbcfbac
Instruction ID: 44f242a32ee8d0e22b552f9a6c6be3451fa650e9a7a828fb41cd85ecda9dae71
Opcode Fuzzy Hash: 51aa60eca69fdbe60b021d3f57c38c2c4945bdf8c4ffd53c01b2fddfbbbcfbac
Instruction Fuzzy Hash: 58317C71250205ABDB209E38DC45BEA7BE9EB18324F608755F979932E0DB70AC909B50

Function 00B0304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B03077,?,?), ref: 00B03378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
_wcslen.LIBCMT ref: 00B0309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00B03106

Strings

255.255.255.255, xrefs: 00B03095, 00B0309A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 04f91f8924de47d29e179b19293d36fc3a821e45801c64ce38f868b0dea1e897
Instruction ID: e40f5f661f350d4fd51d0ccb3644e9b235ed9f1d6b0945cd9094bba93f40cc3c
Opcode Fuzzy Hash: 04f91f8924de47d29e179b19293d36fc3a821e45801c64ce38f868b0dea1e897
Instruction Fuzzy Hash: ED31C4352002059FC710CF28C5C9FAABBE8EF54714F288099E8159B3D2DB72DE45C761

Function 00B13EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B13F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B13F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B13F78

Strings

SysMonthCal32, xrefs: 00B13F0B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 3d3cb17fc51caa721973bc06375b6be3224704b9e2e288b4f2dba7329aefed1b
Instruction ID: 1daa0874d5ac77f5e9d657999ec622ff43715d739d6257b9b142316557688d2f
Opcode Fuzzy Hash: 3d3cb17fc51caa721973bc06375b6be3224704b9e2e288b4f2dba7329aefed1b
Instruction Fuzzy Hash: F721BF32640219BFDF218F54CC86FEA3BB9EB48714F110254FA157B1D0DAB1A991CB90

Function 00B14653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B14705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B14713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B1471A

Strings

msctls_updown32, xrefs: 00B14684

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 498bf55fe75f71717402195efd37039113af744455116bf1d4c42c9d3b84bb06
Instruction ID: 239a2e4aa15faedb6d7430cda1cf2dba060e17c543c7b8ddbe46fb20c63c92c6
Opcode Fuzzy Hash: 498bf55fe75f71717402195efd37039113af744455116bf1d4c42c9d3b84bb06
Instruction Fuzzy Hash: 6D2130B5600209AFEB11DF68DCC1DA737EDEB5A7A4B540499FA009B291CB71EC51CB60

Function 00AE95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AE961D

Strings

#OnAutoItStartRegister, xrefs: 00AE95F3
#notrayicon, xrefs: 00AE95B7
#requireadmin, xrefs: 00AE95D9

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: e7b66c27e754e014e295a99e471b8bc05dda7cc071a0a998bd548639a58d846b
Instruction ID: 0a11f6d79302de643d296d36d6927ab008341e42472fa58e6954daee4d474c90
Opcode Fuzzy Hash: e7b66c27e754e014e295a99e471b8bc05dda7cc071a0a998bd548639a58d846b
Instruction Fuzzy Hash: F5215772204791A6D731BB269D02FBBB3E89F91300F60442AF94997081EB95ED85C3A5

Function 00B137B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B13840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B13850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B13876

Strings

Listbox, xrefs: 00B1380F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: ac895b39d2a53753877b5ef28811454bd14f5a07b5f2bca876406ebf754b425d
Instruction ID: 80757cc722409ec062b4cabc88a1c84a2143462fe1a9365187eea6da09cb1b23
Opcode Fuzzy Hash: ac895b39d2a53753877b5ef28811454bd14f5a07b5f2bca876406ebf754b425d
Instruction Fuzzy Hash: F321AC72600218BBEF218F54CC81FEB3BEEEF89B50F508164F9009B190DA719C9287A0

Function 00AF49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AF4A5C
SetErrorMode.KERNEL32(00000000,?,?,00B1CC08), ref: 00AF4AD0

Strings

%lu, xrefs: 00AF4A6F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 2048e27342b9b4796913cb25efd91d21077720e1547bebc80bbabda65d2e5660
Instruction ID: 3b607f0b0b279553a4e2d8874e1bf37e2ccfc11ebf271021d8b29a095b762fca
Opcode Fuzzy Hash: 2048e27342b9b4796913cb25efd91d21077720e1547bebc80bbabda65d2e5660
Instruction Fuzzy Hash: 09312375A40109AFDB10EF54C985EAA7BF8EF09308F148099F509DB252DB71ED45CBA1

Function 00B141EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B1424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B14264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B14271

Strings

msctls_trackbar32, xrefs: 00B14226

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: c7820a4f6b46011e5e969d9265e9be110c87da91633ce427f273d9c06323f389
Instruction ID: 0b01477a86a320ca22bf44b4dae4edaea86c8a86b8379dbd8754208dd15bf91e
Opcode Fuzzy Hash: c7820a4f6b46011e5e969d9265e9be110c87da91633ce427f273d9c06323f389
Instruction Fuzzy Hash: 7F11CE31290208BEEF205E28CC06FEB3BECEB95B64F114524FA55E60A0D671DCA19B60

Function 00AE2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Part of subcall function 00AE2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
Part of subcall function 00AE2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
Part of subcall function 00AE2DA7: GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
Part of subcall function 00AE2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4

GetFocus.USER32 ref: 00AE2F78

Part of subcall function 00AE2DEE: GetParent.USER32(00000000), ref: 00AE2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00AE2FC3
EnumChildWindows.USER32(?,00AE303B), ref: 00AE2FEB

Strings

%s%d, xrefs: 00AE2FFF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 97401648eb29ba1abb402a51c7226c1b1da4f4d402c9321214c549b27bc14bcf
Instruction ID: efc6d72d272da244775d9d9215a0d75c7888983d80aa7422ca570cef7e8a4bf9
Opcode Fuzzy Hash: 97401648eb29ba1abb402a51c7226c1b1da4f4d402c9321214c549b27bc14bcf
Instruction Fuzzy Hash: 1611B4756002456BDF147F758DC9FEE37AAAF94314F048075FA099B152DE309A458B60

Function 00B15882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158EE
DrawMenuBar.USER32(?), ref: 00B158FD

Strings

0, xrefs: 00B1588F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 4544eb67c2b2dbeae685acc5a62a83acae3a95f4f993c10f87d598cba4939ce3
Instruction ID: 046e64ad28a38bc30aadede0fcce2de28980be1b8d52025721961c323494180f
Opcode Fuzzy Hash: 4544eb67c2b2dbeae685acc5a62a83acae3a95f4f993c10f87d598cba4939ce3
Instruction Fuzzy Hash: 5B015B31600218EFDB219F11DC85BEEBBB9FB85360F5080A9E849D6251DB308A84DF21

Function 00AE007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0051a6ffd701ccdb0d8792e8e576e7049d2213f790995b51572fdc369250294
Instruction ID: dfa12a2a89c6d37102d49b105bc21cd143ea9de57d89c873192da0f136634068
Opcode Fuzzy Hash: e0051a6ffd701ccdb0d8792e8e576e7049d2213f790995b51572fdc369250294
Instruction Fuzzy Hash: 9FC14875A0024AAFCB14CFA9C894EAEB7B5FF48304F218598E505EF251D771EE81DB90

Function 00AB3E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00AB3F0B
__alldvrm.LIBCMT ref: 00AB410C
__alldvrm.LIBCMT ref: 00AB412E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 3d6c98627804c329d5ec1f2aed55f3a2956d35f265b81b4dec48013c2291fb28
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: C2A11772E003869FEB15DF28C8917FABBF9EF6A350F14426DE5959B283C2388941C750

Function 00B0342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00B03459
CoUninitialize.OLE32 ref: 00B03463
VariantInit.OLEAUT32(?), ref: 00B0346E
VariantClear.OLEAUT32(?), ref: 00B0371B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 2eb5b93b5be3dc53679a8770480fd4be470ec536072e67bebdd4414821224e25
Instruction ID: bdcabf6bbb7c368e807613c973552bbd64aac075157f06bda63c00c7e5fb02fe
Opcode Fuzzy Hash: 2eb5b93b5be3dc53679a8770480fd4be470ec536072e67bebdd4414821224e25
Instruction Fuzzy Hash: 6FA13F756043009FC714EF28C585A2EBBE9FF88714F148899F99A9B3A2DB31ED05CB51

Function 00AE0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE0608
CLSIDFromProgID.OLE32(?,?,00000000,00B1CC40,000000FF,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE062D
_memcmp.LIBVCRUNTIME ref: 00AE064E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: c110d143f78d168531444312f48d7a33d9c3653483257f419ed1632c68c9be90
Instruction ID: 59a3fde26617507f2eeb5e8e5a027645a068ab680247ba57fe7d6e2b604dcbdc
Opcode Fuzzy Hash: c110d143f78d168531444312f48d7a33d9c3653483257f419ed1632c68c9be90
Instruction Fuzzy Hash: AE811B71A00109EFCB04DF95C984EEEB7B9FF89315F208598E516AB250DB71AE46CF60

Function 00AC1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00AC14C0

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 9b92d106390141dd330caa11b5583f0d7a0a8d953d4fc7e9bb7cf91c4fec89da
Instruction ID: 7a6cb4d290ab3c359244fecce8d3914ba924e65367c814c7b7814af62eb2cf05
Opcode Fuzzy Hash: 9b92d106390141dd330caa11b5583f0d7a0a8d953d4fc7e9bb7cf91c4fec89da
Instruction Fuzzy Hash: 26412B75B00500ABDB296BF98E45FFE3AA9EF43370F16462DF419D7293E73448415261

Function 00B16278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B162E2
ScreenToClient.USER32(?,?), ref: 00B16315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B16382

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 84f78ea3ed68394db6ce4601be8e84092659de1787d082b18d77b387e4e20329
Instruction ID: 02d9bb15993257b216982d689c1f4f18d5fce2879ec0b66276d4357bd66456af
Opcode Fuzzy Hash: 84f78ea3ed68394db6ce4601be8e84092659de1787d082b18d77b387e4e20329
Instruction Fuzzy Hash: E4510A74A00209EFDB14DF68D980AEE7BF5EB45360F5085A9F8259B290DB70ED81CB90

Function 00B01AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00B01AFD
WSAGetLastError.WSOCK32 ref: 00B01B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B01B8A
WSAGetLastError.WSOCK32 ref: 00B01B94

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: f7c9238930ad61d36ead07b064793d5cde1c7fff05bab8acf3bd9ed667f8d9bd
Instruction ID: 7ce4c115fbeeddc879471a7638306e1573c42455ed6bcee579dccb6d26265317
Opcode Fuzzy Hash: f7c9238930ad61d36ead07b064793d5cde1c7fff05bab8acf3bd9ed667f8d9bd
Instruction Fuzzy Hash: 8F41A034640200AFE724AF24C986F697BE5EB44718F54C498FA1A9F7D2D772DD418B90

Function 00ABB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f034f40f7dc4ed038bd624d78a31cb885113cc0817b04253a5712e5b681e413
Instruction ID: 03d99683938e3ae80aa54c49b9e01be04bffa54306d26d7d183028b0d9fd28dd
Opcode Fuzzy Hash: 1f034f40f7dc4ed038bd624d78a31cb885113cc0817b04253a5712e5b681e413
Instruction Fuzzy Hash: D441F771A10704AFD7249F78CD41BEABBEDEB89710F10862EF156DB283D7B1994187A0

Function 00AF56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AF5783
GetLastError.KERNEL32(?,00000000), ref: 00AF57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AF57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AF57FA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 62055b8c2a6b1be29b1c3f52483061b644ca4990450da27e457380c3e7c93ce5
Instruction ID: 0078210baf9718f1a0def4a1369c98950d4ce570610a233f0b35da1128776dc6
Opcode Fuzzy Hash: 62055b8c2a6b1be29b1c3f52483061b644ca4990450da27e457380c3e7c93ce5
Instruction Fuzzy Hash: AC412C35600610DFCB15EF55C544A5DBBE1AF49720B18C888E95A5B362CB30FD40CB91

Function 00ABD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00AA6D71,00000000,00000000,00AA82D9,?,00AA82D9,?,00000001,00AA6D71,8BE85006,00000001,00AA82D9,00AA82D9), ref: 00ABD910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABD999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00ABD9AB
__freea.LIBCMT ref: 00ABD9B4

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
Instruction ID: 848f9a95a4ee5198f7e16b12227cef35be603173b7e6d5f7dd8701b95e046ff2
Opcode Fuzzy Hash: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
Instruction Fuzzy Hash: 9431BC72A0020AABDF249F64DC41EEE7BA9EB41710F154268FC04D7292EB36CD50CBA0

Function 00B152C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00B15352
GetWindowLongW.USER32(?,000000F0), ref: 00B15375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B15382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B153A8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
Instruction ID: 30447c887dbc950920c002c5c8517420af647d544b993bb995aa25595780482d
Opcode Fuzzy Hash: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
Instruction Fuzzy Hash: 4231C634A55A0CEFEB349E14EC45BE837E5EB85390FD44182FA22971E1C7B09DC0AB49

Function 00AEAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00AEABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00AEAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00AEAC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00AEACC6

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
Instruction ID: 431399e90c4e3fc0ba18830e5eed54065d647db6c11c810a0098c6bbef7faf5b
Opcode Fuzzy Hash: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
Instruction Fuzzy Hash: 02310730A407986FEF35CBA68C057FE7BB5ABE9310F28831AE485931D1C375A9858753

Function 00B17674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00B1769A
GetWindowRect.USER32(?,?), ref: 00B17710
PtInRect.USER32(?,?,00B18B89), ref: 00B17720
MessageBeep.USER32(00000000), ref: 00B1778C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
Instruction ID: aa768605f9d3ace40fb2d1a48a6e977063e0f39faef666e6a8a9304286d65367
Opcode Fuzzy Hash: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
Instruction Fuzzy Hash: 00415C74645214DFCB12CF58C894FE9BBF5FB49315F9581E8E4249B2A1CB30AD82CB90

Function 00B116DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00B116EB

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

GetCaretPos.USER32(?), ref: 00B116FF
ClientToScreen.USER32(00000000,?), ref: 00B1174C
GetForegroundWindow.USER32 ref: 00B11752

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
Instruction ID: fe2998b1408d215ccf8b39ec7f13314db4f6090f6b29ad75e9ec2570412a37b4
Opcode Fuzzy Hash: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
Instruction Fuzzy Hash: 95314FB1D00249AFDB00EFA9C985CEEBBF9EF48304B5080A9E515E7251DB31DE45CBA1

Function 00AEDF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

_wcslen.LIBCMT ref: 00AEDFCB
_wcslen.LIBCMT ref: 00AEDFE2
_wcslen.LIBCMT ref: 00AEE00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00AEE018

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 41597d088d2b48cd9adfd580e155b33d2bf093156247fce5a5e11cd5f9e57aa7
Instruction ID: 1aa2b32dcfb2eb96864cf138d7928c7be2ba0669b1b2f5e431d9c60f125b631c
Opcode Fuzzy Hash: 41597d088d2b48cd9adfd580e155b33d2bf093156247fce5a5e11cd5f9e57aa7
Instruction Fuzzy Hash: DC219571940214EFCB10EFA9DA81BAEB7F8EF8A750F144065F805BB285D7709E41CBA1

Function 00AED4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
Process32NextW.KERNEL32(00000000,?), ref: 00AED52F
CloseHandle.KERNEL32(00000000), ref: 00AED5DC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
Instruction ID: debf30f4b40d667d9fcafc999303fabec5d79a929a5b28caddced2258c6a4f65
Opcode Fuzzy Hash: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
Instruction Fuzzy Hash: E131AB71108340AFD300EF64C985ABFBBF8EF99354F54092DF585971A1EB719A48CBA2

Function 00B18FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetCursorPos.USER32(?), ref: 00B19001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00AD7711,?,?,?,?,?), ref: 00B19016
GetCursorPos.USER32(?), ref: 00B1905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00AD7711,?,?,?), ref: 00B19094

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
Instruction ID: 8257312b48e8a22c385b67a91147fa22e0e1ec8f93ae8f1f205b40177bbca1cd
Opcode Fuzzy Hash: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
Instruction Fuzzy Hash: 5D219F35600158EFCB25CF98CC69FEA7BF9EB49361F9440A9F90547261C7319D90DB60

Function 00AED2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00B1CB68), ref: 00AED2FB
GetLastError.KERNEL32 ref: 00AED30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AED319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B1CB68), ref: 00AED376

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
Instruction ID: a286d5f5618841d99346c8e3eaea8ebcf66f8391cbca1c610bd319b7fd01a2b5
Opcode Fuzzy Hash: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
Instruction Fuzzy Hash: 2321B2745083429F8710EF29C9818AFBBE4EE5A324F504A1DF499DB2E1DB30D945CB93

Function 00AE1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
Part of subcall function 00AE1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
Part of subcall function 00AE1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
Part of subcall function 00AE1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00AE15BE
_memcmp.LIBVCRUNTIME ref: 00AE15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE1617
HeapFree.KERNEL32(00000000), ref: 00AE161E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
Instruction ID: b41f2110c9f47ef8485a03d9e48d6862dbb7cbffffe2ca4195aa633f5abc11f6
Opcode Fuzzy Hash: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
Instruction Fuzzy Hash: 27218E71E40219EFDF10DFA6C949BEEB7B8EF44354F188459E445AB241E731AE05CBA0

Function 00B12782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00B1280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B12840

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 6dd1b5398585125dce17fe33f5732a68557a5a5360d2f53c64b3f527972406a2
Instruction ID: e96ddc2b66a01df7f8c6ff5e9b9c1bee5d8285b886ab23315a6a812cd68f065d
Opcode Fuzzy Hash: 6dd1b5398585125dce17fe33f5732a68557a5a5360d2f53c64b3f527972406a2
Instruction Fuzzy Hash: CA21B031205511AFD7149B24D845FEA7B96EF86324F548198F826CB6E2CB71FC92CBD0

Function 00AE78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8D8C
Part of subcall function 00AE8D7D: lstrcpyW.KERNEL32(00000000,?,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE8DB2
Part of subcall function 00AE8D7D: lstrcmpiW.KERNEL32(00000000,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7923
lstrcpyW.KERNEL32(00000000,?,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7984

Strings

cdecl, xrefs: 00AE797B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 29ec32684cea1473b2422265b8a943cf8f6dad848e99e95f5f48eca809497d6c
Instruction ID: 7aa42df7300fdfca5fdd56fbf71b466edbc2bf60f84d5fec1028422d81d58ff4
Opcode Fuzzy Hash: 29ec32684cea1473b2422265b8a943cf8f6dad848e99e95f5f48eca809497d6c
Instruction Fuzzy Hash: 8611D33A200382AFCB159F36DC45E7A77E9FF85750B50802AF946C72A5EF319811D7A1

Function 00B17CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00B17D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B17D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B17D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00AFB7AD,00000000), ref: 00B17D6B

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
Instruction ID: a2af15a61b500a88f66be275ba0ce47d3d8d5ee949e6583356e55ce1c3fd7829
Opcode Fuzzy Hash: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
Instruction Fuzzy Hash: 7311AE71284618AFCB108F28DC04AE63BE5EF45364B5187A4F835C72E0DB3089A1CB80

Function 00B15660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00B156BB
_wcslen.LIBCMT ref: 00B156CD
_wcslen.LIBCMT ref: 00B156D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
Instruction ID: ff6d657b61007254bb3865baeb91a2b5a2cc3c7ad277c5d632a060197f0b8959
Opcode Fuzzy Hash: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
Instruction Fuzzy Hash: 6D11E131600608DADB309F65CCC1AEE77ECEF95364B9040A6F915D7185EB708AC0CBA0

Function 00AB1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa6f8256232fe39a59e33b255130bfc3580542e53f95d12b4d936e1f93696e18
Instruction ID: 09a7772be6a12e7c23c3f72df18619116cdbae3eb82430631556e523cb747f92
Opcode Fuzzy Hash: fa6f8256232fe39a59e33b255130bfc3580542e53f95d12b4d936e1f93696e18
Instruction Fuzzy Hash: 9701ADB220961A7EF62126786CD0FE76B6CDF817B8FB00326F525A21D3DB608C105160

Function 00AE1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00AE1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A8A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
Instruction ID: ce0c25d109c77da81e7175077db278790737dbf50564bd3a4dbcf329394a7dd3
Opcode Fuzzy Hash: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
Instruction Fuzzy Hash: EB11093AD41229FFEB11DBA5CD85FADBB78EB08750F2000A1EA05B7290D6716E50DB94

Function 00AEE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AEE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00AEE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AEE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AEE24D

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
Instruction ID: c1253d33ac23d696940bb0aa0c3c8d53a9d6b7b0b54f6a3d9d0ef77237cec715
Opcode Fuzzy Hash: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
Instruction Fuzzy Hash: 6111C876904254BBCB01DFAD9C05BDE7FADEB45311F148655F925E3291DAB08D048BA0

Function 00AAD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00AACFF9,00000000,00000004,00000000), ref: 00AAD218
GetLastError.KERNEL32 ref: 00AAD224
__dosmaperr.LIBCMT ref: 00AAD22B
ResumeThread.KERNEL32(00000000), ref: 00AAD249

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
Instruction ID: 3a4623f1bddd6842abcb7fc45820452edfdafc96f4517f0514a0487463300b7f
Opcode Fuzzy Hash: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
Instruction Fuzzy Hash: 1701C076845204BBDB216BA5DC09BEE7E69EF83330F104229F926935D0DF708905C6A0

Function 00B19EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetClientRect.USER32(?,?), ref: 00B19F31
GetCursorPos.USER32(?), ref: 00B19F3B
ScreenToClient.USER32(?,?), ref: 00B19F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00B19F7A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
Instruction ID: 7762cc8d0b2d46326bc0ae461edc1d0160ea906a8a3f5af722259166ea4821e3
Opcode Fuzzy Hash: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
Instruction Fuzzy Hash: 71115A3290025ABBDB10DF68C8999EE7BF9FB05311F904495F911E3140D730BAC2CBA1

Function 00A8600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
GetStockObject.GDI32(00000011), ref: 00A86060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
Instruction ID: ac67d790e2e12b8246c83db20d512fc323702d02894a086cfd661ed20879adbf
Opcode Fuzzy Hash: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
Instruction Fuzzy Hash: 2F116D72501508BFEF125FA49C54FEABF79EF083A5F048215FA1452150DB329C60DBA5

Function 00AA3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00AA3B56

Part of subcall function 00AA3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00AA3AD2
Part of subcall function 00AA3AA3: ___AdjustPointer.LIBCMT ref: 00AA3AED

_UnwindNestedFrames.LIBCMT ref: 00AA3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00AA3B7C
CallCatchBlock.LIBVCRUNTIME ref: 00AA3BA4

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 5f1ebb6a4ea588ae01599e41dc7aec32c2d817bf2e2b74d4386c2a8ea009a06f
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 5C011732100148BBDF126F95DD42EEB7B6AEF8A754F044018FE4857161C772E9619BA0

Function 00AB3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A813C6,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue), ref: 00AB30A5
GetLastError.KERNEL32(?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000,00000364,?,00AB2E46), ref: 00AB30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000), ref: 00AB30BF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 2870e7d44bba079c35e9cfe09bf5380bf00a93da77b916b0db196def42a5e3ba
Instruction ID: e1c07bd83d07ac288309b3d3ef2456d27420a2131ca39aa4f69f4a4da7b1e125
Opcode Fuzzy Hash: 2870e7d44bba079c35e9cfe09bf5380bf00a93da77b916b0db196def42a5e3ba
Instruction Fuzzy Hash: 5B01D437745322ABCF315B78AC44AD77B9CAF05B61B604620F906E7141CB21D901C6E0

Function 00AE7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00AE747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00AE7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00AE74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00AE74CA

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 764085c5ec43042e0e8ea2dd415e7ecd11bf52d30f63d934a536000a6dbaed4e
Instruction ID: 39cbc3574eef8e176509798ee2b37470017d370202f64fca66082844cb399140
Opcode Fuzzy Hash: 764085c5ec43042e0e8ea2dd415e7ecd11bf52d30f63d934a536000a6dbaed4e
Instruction Fuzzy Hash: 2911C0B5249354AFE720CF19EC08F9A7FFCEB00B00F508569AA16DB191DBB0E904DB60

Function 00AEB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB126

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: dec7312deb7b900406594f4e9b68e1d21c17dbdad4085167d556d7ebe8a70672
Instruction ID: b7eccab7837ed9a258d33b4b84e0ed9e21c3b09144b269af3ff5823fdab6d9ae
Opcode Fuzzy Hash: dec7312deb7b900406594f4e9b68e1d21c17dbdad4085167d556d7ebe8a70672
Instruction Fuzzy Hash: F8113931D51668E7CF00AFEAE9986EFBF78FF09721F108186D941B3181CB3056509B61

Function 00B17E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B17E33
ScreenToClient.USER32(?,?), ref: 00B17E4B
ScreenToClient.USER32(?,?), ref: 00B17E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B17E8A

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: e17b4ebabd5a93e2478db96bf53c98214831750bcb6a71a6bdeb3a00bdd731d9
Instruction ID: cb7138445afde10a599c7e10b8bf7ce63e16626ca6aa0ae5705a5cd50520c748
Opcode Fuzzy Hash: e17b4ebabd5a93e2478db96bf53c98214831750bcb6a71a6bdeb3a00bdd731d9
Instruction Fuzzy Hash: 611143B9D4020AAFDB41CF98C8849EEBBF9FB09310F509056E915E3210D775AA54CF50

Function 00AE2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 7d813e1b1cd9705c103bdaa2943cd108aed26b5ec49836f25be04420b9aa0e48
Instruction ID: c810ce456f17117b126c3d3f2077dd9ff58eb24325f1a103051e0ed3cda53541
Opcode Fuzzy Hash: 7d813e1b1cd9705c103bdaa2943cd108aed26b5ec49836f25be04420b9aa0e48
Instruction Fuzzy Hash: 79E06D715812247AD7201B639C4DFEB3E6CEB42BA1F904115B205D3080DEA08840C6B0

Function 00B18863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B18887
LineTo.GDI32(?,?,?), ref: 00B18894
EndPath.GDI32(?), ref: 00B188A4
StrokePath.GDI32(?), ref: 00B188B2

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 3fa39ffe5406faa88db0a33f53207ac172973346409060cf7b0d4b83c4addfec
Instruction ID: e666af22e73f205a2754a5af1f31cf0930c2c3581d8065468559784afcfcb517
Opcode Fuzzy Hash: 3fa39ffe5406faa88db0a33f53207ac172973346409060cf7b0d4b83c4addfec
Instruction Fuzzy Hash: A0F05E36081258FADB125F98AC0EFCE3F99AF0A311F848040FA11660E2CB755562CFE9

Function 00A998B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A998CC
SetTextColor.GDI32(?,?), ref: 00A998D6
SetBkMode.GDI32(?,00000001), ref: 00A998E9
GetStockObject.GDI32(00000005), ref: 00A998F1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 23c1f9a1639bd2078d4ec6702b1577dce1b964eca1d479f570554133c909358f
Instruction ID: 2cb40900c98affeaa04e82d4951786373fe716d6727e6d553ec8b5b3589f9c45
Opcode Fuzzy Hash: 23c1f9a1639bd2078d4ec6702b1577dce1b964eca1d479f570554133c909358f
Instruction Fuzzy Hash: 0AE06D312C4280BADB215B78BC09BED3F61AB12336F14C21AF6FA690E1CB7146509B11

Function 00AE162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00AE1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00AE11D9), ref: 00AE1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE164F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a12d81bebd1b4533a93e0126f7ace81b63c1ccab4a4a1abd9b28f497464ead59
Instruction ID: 62e9f2d609b2f771d30f631269f79544377d852cace0ea481e514b0908593791
Opcode Fuzzy Hash: a12d81bebd1b4533a93e0126f7ace81b63c1ccab4a4a1abd9b28f497464ead59
Instruction Fuzzy Hash: F8E08631641221DBD7202FA1AD0DBC63F7CBF45795F14C808F245CB080DA344540C754

Function 00ADD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00ADD858
GetDC.USER32(00000000), ref: 00ADD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
ReleaseDC.USER32(?), ref: 00ADD8A3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 63b70cb8b337c1237aaab46e39640a08b40c29c9fa3ada48e7f3376cc19abcba
Instruction ID: 47df62f2fdd0fc0fa3c44e057940a52211bcfb766e1bf829168e6c43f43702fe
Opcode Fuzzy Hash: 63b70cb8b337c1237aaab46e39640a08b40c29c9fa3ada48e7f3376cc19abcba
Instruction Fuzzy Hash: 4AE012B4840204EFCF41AFA0D90CAADBFB2FB08310F60D009E80AE7250CB388A41EF50

Function 00ADD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00ADD86C
GetDC.USER32(00000000), ref: 00ADD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
ReleaseDC.USER32(?), ref: 00ADD8A3

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 980bcc27c3d7f91dee28e973223a1226f8abce5e6d2295ab376f30973c1b3388
Instruction ID: 3a59e6db21bd869b58a5e74a9f9b015398c77a5b155c3dc9ab3265aa2c149902
Opcode Fuzzy Hash: 980bcc27c3d7f91dee28e973223a1226f8abce5e6d2295ab376f30973c1b3388
Instruction Fuzzy Hash: 48E092B5D40204EFCF51AFA0D94C6ADBFB5BB08311B549449E94AE7250CB385A41EF50

Function 00AF4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00AF4ED4

Strings

*, xrefs: 00AF4E10
LPT, xrefs: 00AF4DFB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 40386a0da1a9c1233c2de054470dbd89c0e023f08b6282a386d13910be39c6d5
Instruction ID: 4cedac2c7433002cade8e7407ab77220909dbb08c861549711edc20359a055ba
Opcode Fuzzy Hash: 40386a0da1a9c1233c2de054470dbd89c0e023f08b6282a386d13910be39c6d5
Instruction Fuzzy Hash: 72916D75A002089FCB14DF98C584EAABBF1BF48704F188099F94A9F362D731ED85CB90

Function 00AAE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00AAE30D

Strings

pow, xrefs: 00AAE2E5, 00AAE302

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 6b08328f2cbd3a768d6c35b419a72a8f644e1ae095e136f41b4dafc66f9caefd
Instruction ID: ff8a8bf960050d990880c8c5d85093c2e86a83ff9d01bc8f0c718ee9acc2b030
Opcode Fuzzy Hash: 6b08328f2cbd3a768d6c35b419a72a8f644e1ae095e136f41b4dafc66f9caefd
Instruction Fuzzy Hash: E9512B71A0C20296CF15F718CA417FD3BACAF81780F344D98E096872EAEF758C959A56

Function 00A9E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00A9E1B1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 4f9745b836c850abcc94e22845c01d4737a728ad17069356660ec6b3f878ff09
Instruction ID: b9e308044d0e92b5feb3af82c1b4279b8d7009aa6e2a02031fa4b38d8e70b333
Opcode Fuzzy Hash: 4f9745b836c850abcc94e22845c01d4737a728ad17069356660ec6b3f878ff09
Instruction Fuzzy Hash: 1F51F175A04246DFDF15EF68C481AFA7BB8EF65310F24405AE8929F3D1DA349D42CBA0

Function 00A9F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00A9F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00A9F2BB

Strings

@, xrefs: 00A9F2AF

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 3e04200a84c0a28bc5db054fd99e746fbb6adfdf79b0a62dd6f78b0f8fd1214f
Instruction ID: b56842a9a52dac5e9755d844b4559579e16eca8998d5634edfffa322aca9e7b0
Opcode Fuzzy Hash: 3e04200a84c0a28bc5db054fd99e746fbb6adfdf79b0a62dd6f78b0f8fd1214f
Instruction Fuzzy Hash: 375158714087449BE320AF14ED86BAFBBF8FF84314F91884DF2D951195EB308929CB66

Function 00B05745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B057E0
_wcslen.LIBCMT ref: 00B057EC

Strings

CALLARGARRAY, xrefs: 00B057E6, 00B057EB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: fbe4e43f3dcd72b4c8db06beb1e997c85a325548395c563cfd0938338e898d9d
Instruction ID: 306db88396470623a79a457c240fdfcac46863aa616754723ca019f59d92bb4e
Opcode Fuzzy Hash: fbe4e43f3dcd72b4c8db06beb1e997c85a325548395c563cfd0938338e898d9d
Instruction Fuzzy Hash: 34418F31A006099FCB14DFA9C9859BEBBF9EF59350F1480A9E905A7291EB70DD81CF90

Function 00AFD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AFD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00AFD13A

Strings

|, xrefs: 00AFD10B

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 29eacb24e421cec4f35ef6264e2d5d3ef65d0b94b61ee2501ef735229efe15fb
Instruction ID: 7cd27ef544fda1af982c9116655a919ef2b8c6432e83e7ba100c2b0c80fcc86f
Opcode Fuzzy Hash: 29eacb24e421cec4f35ef6264e2d5d3ef65d0b94b61ee2501ef735229efe15fb
Instruction Fuzzy Hash: 81313E71D00209ABDF15EFE4CD85AEEBFBAFF05300F000119F915A6165E731AA56DB64

Function 00B1356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00B13621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B1365C

Strings

static, xrefs: 00B135BC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 378a46b8fc39d3c6c171654afb77e20a65cc998d7373d4af5f0492fa85b724ac
Instruction ID: 7a381924f0126c8c612731a38aef9ad43b7ed771e93fa57426dfd0e8b16c20fd
Opcode Fuzzy Hash: 378a46b8fc39d3c6c171654afb77e20a65cc998d7373d4af5f0492fa85b724ac
Instruction Fuzzy Hash: AA319E71100204AEEB109F28DC80FFB73E9FF98B64F508619F9A597290DA30AD91C760

Function 00B14537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B1461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B14634

Strings

', xrefs: 00B1458E

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: dedc2322882a607ec1043d0423c9e9d56c1926f0d93f4b0f4b0389d4a95a6203
Instruction ID: 4d92ea4e928e208d882ca1c8ab252e6f621da106a7ab9440e3127c16216985e5
Opcode Fuzzy Hash: dedc2322882a607ec1043d0423c9e9d56c1926f0d93f4b0f4b0389d4a95a6203
Instruction Fuzzy Hash: 03311674A0020A9FDF14CFA9C980BDA7BF6FB19304F5444AAE904AB341D770A981CF90

Function 00B131EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B1327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B13287

Strings

Combobox, xrefs: 00B13249

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 56b7fa2e1c6ad39d52cac01c21ad6195df610035f758ce4d743d9f4dc7bd7d08
Instruction ID: 53882d87cff31623f933b09403412f7b4ecc0595fa98c607630864633cbebaa2
Opcode Fuzzy Hash: 56b7fa2e1c6ad39d52cac01c21ad6195df610035f758ce4d743d9f4dc7bd7d08
Instruction Fuzzy Hash: B511B2713002087FFF21AE54DC80EFB3BEAEB98764F504164F918A7290E6319D9187A0

Function 00B13710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

GetWindowRect.USER32(00000000,?), ref: 00B1377A
GetSysColor.USER32(00000012), ref: 00B13794

Strings

static, xrefs: 00B13757

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
Instruction ID: 2b02397816be642be00fd4dbd5c6ae68816a7c1c597e3e76db34dba2bcba12bb
Opcode Fuzzy Hash: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
Instruction Fuzzy Hash: 461137B2610209AFDF01DFA8CC46EEA7BF8FB08714F404954F955E3250EB35E8619B60

Function 00AFCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00AFCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00AFCDA6

Strings

<local>, xrefs: 00AFCD66

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
Instruction ID: 8298fa73180333a4fbb2e0e5f0aa04c8b4b1d34335fe34029f73749cb323185b
Opcode Fuzzy Hash: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
Instruction Fuzzy Hash: 4E11C27124563DBAD7384BA78C49EFBBEACEF127B4F40422AB20983080D7709941D6F0

Function 00B13429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00B134AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B134BA

Strings

edit, xrefs: 00B1348F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
Instruction ID: 26cddfcb56284b7365fc855b9dafc8239dd521b9aaa4b728af2a57d25c399cb8
Opcode Fuzzy Hash: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
Instruction Fuzzy Hash: 2811BF71100208AFEB228E64DC80AEB3BEAEB14B74F908364FA65932E0D731DCD19750

Function 00AE6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

CharUpperBuffW.USER32(?,?,?), ref: 00AE6CB6
_wcslen.LIBCMT ref: 00AE6CC2

Strings

STOP, xrefs: 00AE6CBC, 00AE6CC1

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
Instruction ID: 73397bbb514a74dc60eb0c35c2a0477fc45db645796b1aeabfa581dfc0dfbe4a
Opcode Fuzzy Hash: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
Instruction Fuzzy Hash: E90104326009668BCB20AFBECC908BF77B5FAB57907600D28E86293191EB31D900C750

Function 00AE1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00AE1D4C

Strings

ListBox, xrefs: 00AE1D16
ComboBox, xrefs: 00AE1CEB

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
Instruction ID: 665c46336464af906f79be9e7e0cfe5f1bcc292fa6ee1c6bec0dd93439e218de
Opcode Fuzzy Hash: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
Instruction Fuzzy Hash: 7101D471601228ABCF18FFA5CE95CFF77A8EB46350B540619F832672D2EA3199088761

Function 00AE1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00AE1C46

Strings

ListBox, xrefs: 00AE1C10
ComboBox, xrefs: 00AE1BE5

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
Instruction ID: 219521cfae22db2279b7fef0fda3adbc69c3333d3cfd8ff37cd05422bdec20ef
Opcode Fuzzy Hash: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
Instruction Fuzzy Hash: 1B01A7757811586BCF14FB91CA559FF77A89B51340F240019F416B7282EA319F1C97B2

Function 00AE1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00AE1CC8

Strings

ListBox, xrefs: 00AE1C94
ComboBox, xrefs: 00AE1C69

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
Instruction ID: ca1a386c1dc668e9590e563cdfbccb3132252fc6197b4994ff35c2c98e45c49f
Opcode Fuzzy Hash: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
Instruction Fuzzy Hash: DB01D6B16811686BCF14FBA2CB05AFF77E89B51340F240415B802B3282EA319F18D772

Function 00AE1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00AE1DD3

Strings

ListBox, xrefs: 00AE1DA0
ComboBox, xrefs: 00AE1D75

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
Instruction ID: 489ad511cf2ce2fb7fe2fd73e059bd35f7da742797b1cbfa90c87b61eca47014
Opcode Fuzzy Hash: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
Instruction Fuzzy Hash: E5F0A971A416296BDB14F7A5CD95AFF77B8AB01350F580915F422632C1EA715A088361

Function 00B0747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B07493
_wcslen.LIBCMT ref: 00B074B9

Strings

3, 3, 16, 1, xrefs: 00B07483

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
Instruction ID: 745ef6143674f96a0bf42f71bb34a4b558e4dab131f13032db4a5466ad9372dd
Opcode Fuzzy Hash: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
Instruction Fuzzy Hash: A7E02B02A5426010D23116799DC197FDBCDCFCA790710186BF981C33E6EFD49DA293A0

Function 00AE0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AE0B23

Strings

AutoIt, xrefs: 00AE0B17
Error allocating memory., xrefs: 00AE0B1C

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 7d38cbad8cd2bebb223f00b791f10dd6e76d0b89b9599c7c44833a4574d18d7d
Instruction ID: d8fb56594544b2b1fded4cc428a578748b20f5e7c5c64156763abb95710a9a38
Opcode Fuzzy Hash: 7d38cbad8cd2bebb223f00b791f10dd6e76d0b89b9599c7c44833a4574d18d7d
Instruction Fuzzy Hash: D3E0D8323843082BD62037547D03FC97EC58F06F50F10046AF748954D38BD1299006E9

Function 00AA0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A9F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AA0D71,?,?,?,00A8100A), ref: 00A9F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00A8100A), ref: 00AA0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A8100A), ref: 00AA0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AA0D7F

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
Instruction ID: 8d8519b1d8ecbda90ec3b10d69f21ca8bd2507eca54254e0fff6f67d2f72f5d3
Opcode Fuzzy Hash: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
Instruction Fuzzy Hash: C9E06D752007018BD360AFBCD508B927BE0AB01740F40896DE486C76A1EBB5E488CB91

Function 00AF3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00AF302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AF3044

Strings

aut, xrefs: 00AF3038

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
Instruction ID: 86746fb37b56eb8fefe5b2c17effc3894ee379a6ecefb47183f40609f7894a66
Opcode Fuzzy Hash: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
Instruction Fuzzy Hash: EBD05EB254032867DA20A7A4AC0EFCB3F6CDB05750F4002A1B655E30A1DEF09A84CAD0

Function 00ADD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00ADD220

Strings

%.3d, xrefs: 00ADD22B
X64, xrefs: 00ADD2A8

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
Instruction ID: b1c19c2a58f15eefcadee1f373d5d5bcf97f02691a01ebd19a08c6b7c94d982d
Opcode Fuzzy Hash: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
Instruction Fuzzy Hash: 69D012B1948108EACF509AD0CC458F9B7BCEB18341F508453F807D2140DA34C649A761

Function 00B12322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B1233F

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Strings

Shell_TrayWnd, xrefs: 00B12325

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
Instruction ID: e3963a4e3850132c5d4840c69aae7d489397bc6ac85026c279900e0dcb4ec2ec
Opcode Fuzzy Hash: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
Instruction Fuzzy Hash: FDD0C9363D4350BAE664A771DC0FFC6AA55AB10B10F4089167645AB1E5D9A0A841CA54

Function 00B12356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1236C
PostMessageW.USER32(00000000), ref: 00B12373

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Strings

Shell_TrayWnd, xrefs: 00B12365

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
Instruction ID: 495225f42807eea0a4879174ba6ca9f06c53ad80cde0763d134e232db5fb695d
Opcode Fuzzy Hash: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
Instruction Fuzzy Hash: 2AD0C9323C13507AE664A771DC0FFC6AA55AB15B10F4089167645AB1E5D9A0A841CA54

Function 00ABBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00ABBE93
GetLastError.KERNEL32 ref: 00ABBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABBEFC

Memory Dump Source

Source File: 00000000.00000002.2926331716.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2926291821.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926435444.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926528777.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2926560338.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
Instruction ID: f15a88f4a4c485231cbe407fd02426fcad01551f52f3516e4e38ce680390d154
Opcode Fuzzy Hash: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
Instruction Fuzzy Hash: 1441C334610206AFCF258FB5CD44AFA7BADAF42310F244169F9599B1A2DBB0CD01DB70

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre