Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528406
MD5:	594a47a9d0fd4cc9e9222e73205f7ec9
SHA1:	79c4bc5fa28f9046a304ff4eb1cefbefd547bc05
SHA256:	1a812581c1857edd799361c4a557842fa80e85584307b4008459a14a09cb8bdf
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 6260 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 594A47A9D0FD4CC9E9222E73205F7EC9)

taskkill.exe (PID: 6464 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1408 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3488 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3576 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6496 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 2828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 6260	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_95.14.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_95.14.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: file.exe, 00000000.00000002.3375453602.0000000001238000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd#
Source: chromecache_92.14.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_95.14.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_95.14.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_92.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_92.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_95.14.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_95.14.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_95.14.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_95.14.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_95.14.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_92.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_95.14.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_95.14.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_95.14.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_92.14.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_95.14.dr	String found in binary or memory: https://www.google.com
Source: chromecache_95.14.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_92.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_95.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_95.14.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.3374571047.0000000001273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/
Source: file.exe, 00000000.00000003.3374743719.000000000126A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3374999226.000000000126A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2144252658.0000000001104000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3375569039.000000000126A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3375040467.000000000126A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3374604078.000000000126A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_95.14.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50038 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50044 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0096EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0096EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0096ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0096ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_0096EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0095AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0095AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00989576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00989576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2122584121.00000000009B2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_7f57455b-f
Source: file.exe, 00000000.00000000.2122584121.00000000009B2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_d25db5b7-9
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_8960ba94-2
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_36011ad8-6

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0095D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0095D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00951201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00951201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0095E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0095E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00962046	0_2_00962046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8060	0_2_008F8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00958298	0_2_00958298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092E4FF	0_2_0092E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092676B	0_2_0092676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984873	0_2_00984873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091CAA0	0_2_0091CAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCAF0	0_2_008FCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090CC39	0_2_0090CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00926DD9	0_2_00926DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F91C0	0_2_008F91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090B119	0_2_0090B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00911394	0_2_00911394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091781B	0_2_0091781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F7920	0_2_008F7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090997D	0_2_0090997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00917A4A	0_2_00917A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00917CA7	0_2_00917CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00929EEE	0_2_00929EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097BE44	0_2_0097BE44

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008F9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00910A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0090F9F2 appears 40 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@51/30@12/8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009637B5 GetLastError,FormatMessageW,

0_2_009637B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009510BF AdjustTokenPrivileges,CloseHandle,		0_2_009510BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_009516C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_009651CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0097A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0097A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0096648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0096648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_008F42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3784:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2800:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4032:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 26%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008F42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00910A76 push ecx; ret

0_2_00910A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_0090F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00981C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00981C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-96862

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7254			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1775			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.7 %

Source: C:\Users\user\Desktop\file.exe TID: 6424

Thread sleep time: -72540s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7254 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0095DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092C2A2 FindFirstFileExW,	0_2_0092C2A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009668EE FindFirstFileW,FindClose,	0_2_009668EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0096698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0095D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0095D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00969642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00969642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0096979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00969B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00969B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00965C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00965C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008F42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0096EAA2 BlockInput,

0_2_0096EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00922622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00922622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008F42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00914CE8 mov eax, dword ptr fs:[00000030h]

0_2_00914CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00950B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00950B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00922622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00922622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0091083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009109D5 SetUnhandledExceptionFilter,	0_2_009109D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00910C21

Source: C:\Users\user\Desktop\file.exe

0_2_00951201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00932BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00932BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0095B226 SendInput,keybd_event,

0_2_0095B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_009722DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00950B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00951663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00951663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00910698 cpuid

0_2_00910698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00968195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00968195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0094D27A GetUserNameW,

0_2_0094D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0092B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_0092B952

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008F42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008F42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6260, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6260, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00971204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00971204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00971806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00971806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	26%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.184.238	true	false	unknown
www3.l.google.com	172.217.18.14	true	false	unknown
play.google.com	172.217.16.206	true	false	unknown
www.google.com	142.250.185.100	true	false	unknown
youtube.com	142.250.186.142	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_95.14.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_95.14.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_92.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_95.14.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_92.14.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_95.14.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_95.14.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_95.14.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_95.14.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_95.14.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.16.206	play.google.com	United States	15169	GOOGLEUS	false
172.217.18.14	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.142	youtube.com	United States	15169	GOOGLEUS	false
142.250.184.238	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
172.217.18.110	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528406
Start date and time:	2024-10-07 22:07:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@51/30@12/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 41 Number of non-executed functions: 307
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.46, 142.250.186.35, 66.102.1.84, 34.104.35.123, 172.217.16.138, 142.250.185.170, 142.250.74.202, 216.58.206.42, 216.58.206.74, 142.250.186.170, 172.217.16.202, 172.217.18.10, 142.250.186.74, 142.250.185.138, 142.250.186.138, 142.250.184.202, 142.250.185.74, 142.250.186.106, 142.250.185.106, 172.217.18.106, 142.250.181.227, 142.250.185.227, 142.250.181.234, 142.250.186.42, 192.229.221.95, 199.232.214.172, 216.58.206.67, 108.177.15.84, 199.232.210.172, 142.250.185.142
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse
	L-tron_Payroll.docx	Get hash	malicious	Unknown	Browse
	https://communications-chamber-confidentiality-limitation.trycloudflare.com/spec/#bWNhcnR3cmlnaHRAY2hlbXVuZ2NhbmFsLmNvbQ==	Get hash	malicious	Unknown	Browse
	+18365366724753456-83736-10244688.html	Get hash	malicious	HTMLPhisher	Browse
	https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fphpstack-1335745-4931432.cloudwaysapps.com%2F%23%26%26%2B~XanJlZEBwcm9hZy5jb20=&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Fpart%2Famer-03%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=dqIG3sYngZE8N2eRBkF7CAkOWKg5g3tGjnQGJGQlc61U8QGlKCs5AzH6JKtW7FyetS1g5oEXSNBKJVlJbTCgrea0O041dBSjafsPfOc5KxbMkQRnpwalZQdhHfcjoeWL7rzuDGG%252fj2e7scaAUTCy2PY0WmBb87rgNNPdmEQne%252f00jq9aOpwCvhJrGkNK5f8MP5jaUwccFhr9IIoVaCOrXUhSnuRv%252fw%252bxhUGpneOsAgBs7CjJQbmepBIHfEqwCkqvDbYbxYB4Hm9sLVAOFaz9VFMFSXPJt4MqeWAChikWLAZATmvniptR3h97WVF%252fZtjtm3RxdNyPROzhUvL92w9fdWmSw%252bHBxn5rMHOUpaQU16ZpcfATiVaU51fqKaYO2v4ZnK7axAavLgOpgAJivuE6JO2sqksPH41Z6PVam5c4J%252bwwz5Z2pqrOSxPxEcPGeDff%252bxp9PApNxpvURRLl98WzRw%252ftZEOu%252foKPhjN0OiTGAQDLRWTF%252bMCzSQg37tk7ZYUYYc0Ycs4xDjchhFprJCCSfrZ8WyHq6cjqmnbgDKRQig28xGNFnSDEeWMDBQeeeVyNqDv0FAAxkSAMO%252b7t4Qu1y0h0MHJYEb5pxfOYe8Pyfcsn7pyR%252fkKEqziEQVGlIETrpjVMNyrhJrnX9S%252flWaxf0H3tD%252fqMhzPysO9QdPSJTG054WE4jq5GRqTKu8P25t4KJLY15Oz2j5iCg7Bd5lczhgv4PQevplLuCGckM%252fs5EPk2r2FkSOxHF51EB5FR2TgXQR5UAp2BbaWTm9irKwSSUK5z1MsGMDokVMEB4bQ9mpZrl1%252bDMixJ1mQyyLXpelmEyN8zw1nTsbXAvDQgIvPLPj0QUtphEMnmVEXMkQHiw2WHWUSxIxYcY%252fltyp6bnMrankPAnpChbWQmk95rKsUz8tqtLjNDclK1y1FLy%252fh7sed9duxDDFupXnhmXxGJOmUV6FG1arxXL8urm1F98thG8anfchv3DafKsyVHHgmdUFNH6Uhcu4sB8fo0kqm2y7IWS96w5BeG334JvnFDJPLDPvtK5ojeXfDXh%252boKJdBxXGC9NmPwgDp8XeOavQnNlJRfUAXkhukdjDg1EHGF%252b9luUuTH%252fEbKHniTzx4OvIWUnDvXcdpuEIAnW8mDJzMXpmxpl3nwtTqeQWMeSNzjute9yTZEU%252beQk498EMyU%252fuPUg%252fSOH5r%252fwjGCsPpm%252f%252bUA00SsNvWuDD0AbNIKYubFuNKQ3SX6N7M11wOksoUG%252fz9IheWtOawwl7F0lqN3xkTQhfiiHovdudAPiB%252fzt25Im27XxPQ9s1c%252bnOWOPh6m%252bvaCQcj6bcwkFbNl5Y1KL7XQvirYSFsNXnrYuQvTPMk1n5CRq6dxsl9FRGV9MMdrZduC%252bG4B0zxLA58d8fTW2zfEXnRcMTgQKLK%252fmeZT7K3wwAvQiA%253d%253d%3B%20expires%3DWed%2C%2009%20Oct%202024%2014%3A05%3A23%20GMT%3B%20path%3D%2F%3B%20SameSite%3DNone%3B%20secu	Get hash	malicious	HTMLPhisher	Browse
	https://s.craft.me/yB5midhwwaHUPW	Get hash	malicious	HTMLPhisher	Browse
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzA1Mzk4LCJuYmYiOjE3MjgzMDUzOTgsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJpeHI5d3pqeGcwZnI2NGJjbGwycyIsInRva2VuIjoiaXhyOXd6anhnMGZyNjRiY2xsMnMiLCJzZW5kX2F0IjoxNzI4MzA0MzU0LCJlbWFpbF9pZCI6OTk2Mzg3MCwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTM4MjUsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1TcHJpbmcraGFzK3NwcnVuZyslRjAlOUYlOEMlQjEifQ.HIDfaWGNVn-TCtUT4qZNHq7EdymoLEqvVA8XxZBU8z8	Get hash	malicious	HtmlDropper	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	L-tron_Payroll.docx	Get hash	malicious	Unknown	Browse	173.222.162.64
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	173.222.162.64
	https://ipp.safetyworksolutions.com/	Get hash	malicious	Unknown	Browse	173.222.162.64
	FdjDPFGTZS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	173.222.162.64
	Aew8SXjXEb.exe	Get hash	malicious	Stealc	Browse	173.222.162.64
	TuQlz67byH.exe	Get hash	malicious	LummaC	Browse	173.222.162.64
	lCVFGKfczi.exe	Get hash	malicious	Vidar	Browse	173.222.162.64
	1f13Cs1ogc.exe	Get hash	malicious	Stealc	Browse	173.222.162.64
	file.exe	Get hash	malicious	Credential Flusher	Browse	173.222.162.64
	https://www.rhris.com/EmailEmploymentValidation.cfm?EmploymentRefID=E84F959AEA960B8186C356E23E6C822C8E204B6A75564EECEC1823507D68DDBF	Get hash	malicious	Unknown	Browse	173.222.162.64
28a2c9bd18a11de089ef85a160da29e4	L-tron_Payroll.docx	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exe	Get hash	malicious	LummaC	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://communications-chamber-confidentiality-limitation.trycloudflare.com/spec/#bWNhcnR3cmlnaHRAY2hlbXVuZ2NhbmFsLmNvbQ==	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	+18365366724753456-83736-10244688.html	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://s.craft.me/yB5midhwwaHUPW	Get hash	malicious	HTMLPhisher	Browse	172.202.163.200 184.28.90.27 13.107.246.45
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzA1Mzk4LCJuYmYiOjE3MjgzMDUzOTgsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJpeHI5d3pqeGcwZnI2NGJjbGwycyIsInRva2VuIjoiaXhyOXd6anhnMGZyNjRiY2xsMnMiLCJzZW5kX2F0IjoxNzI4MzA0MzU0LCJlbWFpbF9pZCI6OTk2Mzg3MCwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTM4MjUsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1TcHJpbmcraGFzK3NwcnVuZyslRjAlOUYlOEMlQjEifQ.HIDfaWGNVn-TCtUT4qZNHq7EdymoLEqvVA8XxZBU8z8	Get hash	malicious	HtmlDropper	Browse	172.202.163.200 184.28.90.27 13.107.246.45
3b5074b1b5d032e5620f69f9f700ff0e	T6l6gPxwQU.exe	Get hash	malicious	Unknown	Browse	40.115.3.253
	https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	40.115.3.253
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdkniljyAkC.sEd.frl___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo2MGY0ZmI3MTkzODQ4OWRiOGFlZjY2ODI4ODlkMDk3NDo3OmRlYjY6NjI5YzkxZjFmNmQ3ZjI1NWIxN2UwYTI5ZTNmZjcyMTQyNTg3NmZhMDQyOWZlMDI4MDhmODRlNWVhYWU3MjJhZDpoOlQ6VA#ZHN5aHJlQG9sZ29vbmlrLmNvbQ==	Get hash	malicious	Unknown	Browse	40.115.3.253
	SecuriteInfo.com.Win64.TrojanX-gen.22573.8055.exe	Get hash	malicious	Unknown	Browse	40.115.3.253
	Ref#0503711.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	scan_374783.js	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	file.exe	Get hash	malicious	Credential Flusher	Browse	40.115.3.253
	shipping.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	https://future.nhs.uk	Get hash	malicious	Unknown	Browse	40.115.3.253
	wrong bank details.exe	Get hash	malicious	MassLogger RAT	Browse	40.115.3.253

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.79285433629193
Encrypted:	false
SSDEEP:	6144:S5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:kOeKGSpgu/
MD5:	1C7A58214662CFB8B2B8D16B812B1856
SHA1:	785EA4F246BCAA415B3925F7281FC9AE16DF7682
SHA-256:	E2E174AC09FA66C8550B4DCAA98E32176A3B5FB861353E1E7FA9821C3C08561D
SHA-512:	AF42906BD50592D00B12E5F57E69490D9E82D72AEF853397637D5572E6622D65FBC13D522ABF1E7BFB815699600A1B5BB83F236E8544903567D52E9C6C01311A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHxjc0Ood9pBm5tn_36XhBkXPrbzg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x20469860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.58382141550483
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	594a47a9d0fd4cc9e9222e73205f7ec9
SHA1:	79c4bc5fa28f9046a304ff4eb1cefbefd547bc05
SHA256:	1a812581c1857edd799361c4a557842fa80e85584307b4008459a14a09cb8bdf
SHA512:	13ce79d1efd0c07171a4ab86188cdd8de8c44f97abd65cfb8742c2509bd4314fcc4ebe98134763eb39c3c791447f5e52f9bfac3813a286b9d61e7db725f1eab9
SSDEEP:	24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8a45K:QTvC/MTQYxsWR7a4
TLSH:	A8159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67043D40 [Mon Oct 7 19:57:52 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007FF2546B04D3h
jmp 00007FF2546AFDDFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FF2546AFFBDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FF2546AFF8Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FF2546B2B7Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FF2546B2BC8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FF2546B2BB1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	f48d14cadda8a6aeee4b9e042db0cff6	False	0.3167067307692308	data	5.332791849413243	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 22:08:01.862819910 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:01.862860918 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:02.081582069 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:09.776376009 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:09.776401043 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:09.776488066 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:09.780989885 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:09.781028032 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:09.896420956 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:09.896459103 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:09.896645069 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:09.897176027 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:09.897207022 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.427670956 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.427850962 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.427877903 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.428447962 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.428515911 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.429455042 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.429503918 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.430490971 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.430607080 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.430629015 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.470236063 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.470303059 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.517110109 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.668390989 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.668477058 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.675420046 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.675441027 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.675766945 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.677587032 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.677648067 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.677654028 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.677779913 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.694241047 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.694783926 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.694849014 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.695595980 CEST	49713	443	192.168.2.6	142.250.186.142
Oct 7, 2024 22:08:10.695642948 CEST	443	49713	142.250.186.142	192.168.2.6
Oct 7, 2024 22:08:10.708534956 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:10.708564043 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:10.708626032 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:10.708810091 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:10.708826065 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:10.719405890 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.853600025 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.853924036 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:10.853988886 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.854288101 CEST	49714	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:10.854300976 CEST	443	49714	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:11.318303108 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.318625927 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.318646908 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.319978952 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.320072889 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.322474003 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.322551012 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.327801943 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.327900887 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.328025103 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.328047037 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.376477003 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.470235109 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:11.470415115 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:11.603874922 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.603935003 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.604027987 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.604043961 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.604926109 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.604981899 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.606055975 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.606075048 CEST	443	49717	142.250.184.238	192.168.2.6
Oct 7, 2024 22:08:11.606085062 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.606117964 CEST	49717	443	192.168.2.6	142.250.184.238
Oct 7, 2024 22:08:11.687521935 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:13.686453104 CEST	443	49704	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:13.686650038 CEST	49704	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:14.457000971 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:14.457039118 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:14.457096100 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:14.457591057 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:14.457602978 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:14.457978964 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:14.458029032 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:14.458105087 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:14.461918116 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:14.461931944 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.071274042 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.071337938 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.073570013 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.073575974 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.073909044 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.086843014 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:15.087063074 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:15.087085962 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:15.088527918 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:15.088582039 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:15.090131998 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:15.090225935 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:15.126174927 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.141242981 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:15.141253948 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:15.173728943 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.193089962 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:15.219409943 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.338258982 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:15.338294029 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:15.338347912 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:15.338979959 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:15.338992119 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:15.347403049 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.347486973 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.347539902 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.353820086 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.353851080 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.353866100 CEST	49725	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.353873968 CEST	443	49725	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.483325958 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.483366013 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:15.483419895 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.484075069 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:15.484086990 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.012069941 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.012157917 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.014066935 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.014071941 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.014426947 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.028043032 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.075400114 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.092644930 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.092789888 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:16.101474047 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:16.101485968 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.102390051 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.103615046 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:16.124371052 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.124407053 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.124435902 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.124475002 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.124489069 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.124507904 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.124577999 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.151411057 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.206146002 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.206202030 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.206213951 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.206233025 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.206265926 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.206265926 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.208230972 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.208259106 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.208312035 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.208312035 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.208317995 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.208364010 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.288233995 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.288261890 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.288368940 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.288368940 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.288378000 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.288496017 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.289273024 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.289290905 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.289335012 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.289351940 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.289410114 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.290517092 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.290530920 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.290584087 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.290589094 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.290623903 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.350545883 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.350728989 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.350795031 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:16.357549906 CEST	49729	443	192.168.2.6	184.28.90.27
Oct 7, 2024 22:08:16.357570887 CEST	443	49729	184.28.90.27	192.168.2.6
Oct 7, 2024 22:08:16.370547056 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.370573044 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.370610952 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.370620012 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.370728970 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.370728970 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.371252060 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.371275902 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.371340036 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.371345997 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.371356964 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.371404886 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.371584892 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.371607065 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.372137070 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.372144938 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.372199059 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.372746944 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.372766018 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.372805119 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.372811079 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.372840881 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.372876883 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.375663042 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.375678062 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.375837088 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.375844955 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.375878096 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453139067 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453169107 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453296900 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453305006 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453320980 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453547001 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453588963 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453617096 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453716993 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453716993 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.453726053 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.453763008 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.454180002 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.454261065 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.454267025 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.454282999 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.454286098 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.454310894 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.454339027 CEST	49728	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.454360962 CEST	443	49728	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.505901098 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.505975962 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.506057024 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.506808996 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.506860971 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.506906986 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.511322975 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.511370897 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.511430979 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.512382984 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.512448072 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.512934923 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.512944937 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.512967110 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513001919 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513135910 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513154030 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.513216972 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513228893 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.513307095 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513330936 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.513622046 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513636112 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:16.513899088 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:16.513916969 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.150079012 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.150829077 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.150872946 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.151561975 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.151568890 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.153527975 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.154162884 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.154162884 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.154181004 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.154189110 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.163744926 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.164149046 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.164164066 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.164345980 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.164350033 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.170795918 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.171403885 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.171403885 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.171433926 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.171443939 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.171900034 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.172271967 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.172297955 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.172749996 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.172755957 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.247267962 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.247320890 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.247629881 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.247629881 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.247950077 CEST	49738	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.247968912 CEST	443	49738	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.249845982 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.249892950 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.249948978 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.250224113 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.250242949 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.250264883 CEST	49734	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.250272989 CEST	443	49734	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.250900030 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.250957966 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.251209021 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.251830101 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.251851082 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.252433062 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.252486944 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.252626896 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.252685070 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.252697945 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263375998 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263406992 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263628960 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.263641119 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263777971 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263828039 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.263828039 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.263842106 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.263866901 CEST	49737	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.263874054 CEST	443	49737	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.265985012 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.266005039 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.266067028 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.266599894 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.266613007 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.269216061 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.269273043 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.269417048 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.269428968 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.269449949 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.269479990 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.269531012 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.269531012 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.269572020 CEST	49736	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.269583941 CEST	443	49736	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.271923065 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.271944046 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.272119999 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.272119999 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.272150040 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.273729086 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.273756027 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.273843050 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.273914099 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.273933887 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.273933887 CEST	49735	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.273948908 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.273957968 CEST	443	49735	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.276199102 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.276228905 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.276438951 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.276752949 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:17.276767969 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:17.744405985 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:17.744452953 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:17.745198965 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:17.745830059 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:17.745843887 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.022108078 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.023984909 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.025166035 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.032449007 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.033785105 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.071968079 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.071969986 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.071999073 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.087114096 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.087114096 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.149072886 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.149081945 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.149866104 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.149869919 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.150306940 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.150310040 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.174335957 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.174343109 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.175221920 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.175240993 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.175823927 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.175832033 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.176259995 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.176273108 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.176774979 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.176780939 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.177093029 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.177099943 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.177632093 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.177638054 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.418883085 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419018030 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419095039 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.419481039 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.419481039 CEST	49740	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.419500113 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419513941 CEST	443	49740	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419706106 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419763088 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.419904947 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.421804905 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.422008038 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.422372103 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.422924995 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.423084021 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.423141003 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.427850008 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.428153038 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.428195000 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.434175014 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.434199095 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.434211969 CEST	49741	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.434220076 CEST	443	49741	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.435060024 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.435067892 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.435077906 CEST	49742	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.435082912 CEST	443	49742	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.436400890 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.436414957 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.436445951 CEST	49744	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.436453104 CEST	443	49744	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.438088894 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.438096046 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.438108921 CEST	49743	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.438116074 CEST	443	49743	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.460331917 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.460355997 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.460468054 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.462855101 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.462872028 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.463773012 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.463783026 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.463901997 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.463928938 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.463938951 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.463989019 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.464044094 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.464055061 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.465116978 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.465157986 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.465315104 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.465329885 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.465348005 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.465512037 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.465528011 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.465934038 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.465961933 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.466094017 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.466309071 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:18.466322899 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:18.822086096 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.822236061 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.824625015 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.824634075 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.824872971 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.826793909 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.826817036 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.826822042 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.827012062 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.871398926 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.997839928 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.998085022 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:18.998183966 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.998470068 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.998470068 CEST	49745	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:18.998487949 CEST	443	49745	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:19.068444014 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.068854094 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.069030046 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.069055080 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.069101095 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.069139957 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.069346905 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.069353104 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.069530964 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.069540024 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.075095892 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.075413942 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.075470924 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.075725079 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.075731993 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.085371971 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.085654020 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.085679054 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.085975885 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.085983038 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.114448071 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.114511967 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.114617109 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.115051985 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.115083933 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.123271942 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.130924940 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.130969048 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.131448030 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.131458044 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.165680885 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.165735960 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.165873051 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.166064978 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.166095018 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.166110992 CEST	49754	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.166119099 CEST	443	49754	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.166203022 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.166357994 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.166553974 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.167411089 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.167411089 CEST	49757	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.167439938 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.167452097 CEST	443	49757	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.168638945 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.168677092 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.168761969 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.169719934 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.169730902 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.170629025 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.170686007 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.170833111 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.170872927 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.170872927 CEST	49755	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.170892954 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.170905113 CEST	443	49755	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.171222925 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.171251059 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.171397924 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.171580076 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.171596050 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.172837973 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.172848940 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.172926903 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.174055099 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.174072027 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.186767101 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.186810017 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.186870098 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.187067986 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.187083960 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.187096119 CEST	49753	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.187103033 CEST	443	49753	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.188661098 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.188673973 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.188829899 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.188920021 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.188931942 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.230540037 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.230622053 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.230750084 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.234930038 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.234946966 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.234972000 CEST	49756	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.234977007 CEST	443	49756	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.237934113 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.237974882 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.238059998 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.238189936 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.238207102 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.720644951 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.721146107 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.721179962 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.721729040 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.721795082 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.722727060 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.722771883 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.724138021 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.724221945 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.724458933 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.724468946 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:19.768138885 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:19.808056116 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.808543921 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.808552027 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.809341908 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.809350967 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.811013937 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.811311960 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.811336994 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.811661959 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.811667919 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.936335087 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.937230110 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.937243938 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.937741995 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.937747955 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.940983057 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.941591024 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.941618919 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.942791939 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.942800999 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.972471952 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.974322081 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.974322081 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.974338055 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.974356890 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.978984118 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.979063034 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.979139090 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.979202986 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.979224920 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.979240894 CEST	49765	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.979249954 CEST	443	49765	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.979899883 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.979943991 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.980010986 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.980104923 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.980125904 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.980139971 CEST	49763	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.980146885 CEST	443	49763	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.982018948 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.982080936 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.982207060 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.982806921 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.982836962 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.983251095 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.983305931 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:19.983366966 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.983494997 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:19.983513117 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.033350945 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.033399105 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.033662081 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.035238028 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.035238028 CEST	49760	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.035250902 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.035262108 CEST	443	49760	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.036148071 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.036310911 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.036448002 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.036863089 CEST	49761	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.036885977 CEST	443	49761	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.039199114 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.039222956 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.039280891 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.040105104 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.040111065 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.040466070 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.040479898 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.040684938 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.040684938 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.040705919 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.082129955 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.082302094 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.082365990 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.082439899 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.082439899 CEST	49762	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.082459927 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.082470894 CEST	443	49762	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.084739923 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.084762096 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.084819078 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.084949017 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.084965944 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.098711014 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.098778963 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.098824024 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.098839998 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.098881006 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.098891020 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.098968029 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.104540110 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.104604959 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.110511065 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.110564947 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.110589027 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.110596895 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.110754013 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.116626024 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.116681099 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.122628927 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.122692108 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.122714996 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.122761011 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.182116985 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.182184935 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.182212114 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.182264090 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.183979034 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.184040070 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.189989090 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.190042973 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.190068960 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.190116882 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.195981026 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.196028948 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.201731920 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.201776028 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.201908112 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.207925081 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.208029985 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.208045959 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.214153051 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.214207888 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.214216948 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.214477062 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.214593887 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.224461079 CEST	49759	443	192.168.2.6	172.217.18.14
Oct 7, 2024 22:08:20.224481106 CEST	443	49759	172.217.18.14	192.168.2.6
Oct 7, 2024 22:08:20.609857082 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.609910965 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:20.610168934 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.610253096 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.610269070 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:20.659662008 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.666938066 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.699974060 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.701035023 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.701066971 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:20.701196909 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.701596022 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:20.701611996 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:20.716049910 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.716727972 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.724571943 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.736226082 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.736241102 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.736938953 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.736944914 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.737304926 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.737345934 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.737750053 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.737761974 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.745414972 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.745441914 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.745929003 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.745956898 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.747457027 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.747473001 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.747855902 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.747862101 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.772814035 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.780849934 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.780875921 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.781404972 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.781461000 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.834548950 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.834645033 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.834754944 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.835098982 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.835134983 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.835164070 CEST	49767	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.835179090 CEST	443	49767	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.836488962 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.836548090 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.836606979 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.836818933 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.836832047 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.836844921 CEST	49769	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.836853027 CEST	443	49769	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.839587927 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.839612007 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.839663982 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.840342045 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.840384007 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.840470076 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.840482950 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.840491056 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.840931892 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.840954065 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.842304945 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.842380047 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.842494965 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.842637062 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.842637062 CEST	49768	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.842680931 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.842709064 CEST	443	49768	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.843734980 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.843789101 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.844250917 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.844284058 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.844299078 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.844311953 CEST	49770	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.844319105 CEST	443	49770	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.844969034 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.844995022 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.845063925 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.845240116 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.845263958 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.847361088 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.847369909 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.847426891 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.847645044 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.847659111 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.893084049 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.893146038 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.893323898 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.893650055 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.893650055 CEST	49771	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.893683910 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.893702030 CEST	443	49771	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.899036884 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.899074078 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:20.899291039 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.899389982 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:20.899406910 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.228406906 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.228656054 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.228688002 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.229059935 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.229116917 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.229753017 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.229801893 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.230762005 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.230824947 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.231069088 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.231077909 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.285532951 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.334536076 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.334745884 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.334760904 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.335123062 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.335179090 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.335832119 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.335880995 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.336047888 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.336112022 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.336313009 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.336323023 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.378107071 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.468234062 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.468678951 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.468696117 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.469124079 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.469129086 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.475656033 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.476135969 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.476151943 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.476525068 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.476530075 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.482676983 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.483047962 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.483081102 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.483428001 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.483436108 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.538496017 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.538883924 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.538927078 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.539262056 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.539269924 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.551158905 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.551951885 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.551975012 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.552098989 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.552105904 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.558084965 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.558967113 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.559051037 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.559360027 CEST	49772	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.559382915 CEST	443	49772	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.560138941 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.560178995 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.560256958 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.560661077 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.560673952 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.571547985 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.571614981 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.571672916 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.571851015 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.571865082 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.571873903 CEST	49779	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.571880102 CEST	443	49779	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.575608015 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.575639009 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.575701952 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.576009989 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.576025009 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.582844019 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.582964897 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.583019018 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.583657980 CEST	49778	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.583667040 CEST	443	49778	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.583726883 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.583789110 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.584171057 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.588454962 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.588459015 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.588551044 CEST	49776	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.588553905 CEST	443	49776	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.592255116 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.592304945 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.592367887 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.594064951 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.594083071 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.598764896 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.598807096 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.599886894 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.603522062 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.603560925 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.640990019 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.641052961 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.643662930 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.645047903 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.645047903 CEST	49777	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.645065069 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.645073891 CEST	443	49777	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.647500992 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.647535086 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.647635937 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.647670984 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.647761106 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.647799015 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.647819996 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.648406982 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.648406982 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.648406982 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.649878025 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.649907112 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.649971962 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.650234938 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.650250912 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:21.657138109 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.657869101 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.660186052 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.663027048 CEST	49774	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.663034916 CEST	443	49774	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.663625956 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.663661957 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.664202929 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.664356947 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:21.664385080 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:21.952830076 CEST	49780	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:21.952851057 CEST	443	49780	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.172861099 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.179981947 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.180032969 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.180546999 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.180630922 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.182519913 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.182581902 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.184623003 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.184781075 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.184843063 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.184874058 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.184890032 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.195338964 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.199934959 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.199960947 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.200525999 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.200531960 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.206691980 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.207933903 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.207971096 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.208374977 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.208381891 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.229387999 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:22.229413033 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:22.229562044 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:22.230947971 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:22.230962992 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:22.236577034 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.239224911 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.240492105 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.240518093 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.240916967 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.240923882 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.257301092 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.257633924 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.257651091 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.258018970 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.258023977 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.259712934 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.260055065 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.260071039 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.260463953 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.260468006 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.280730009 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.280922890 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.280932903 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.281291008 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.281351089 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.281981945 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.282023907 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.282186031 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.282244921 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.282473087 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.282481909 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.282499075 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.293365002 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.293447018 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.293504000 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.293895006 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.293912888 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.293931007 CEST	49783	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.293936968 CEST	443	49783	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.296694040 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.296715021 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.296772003 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.296972036 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.296986103 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.301825047 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.301906109 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.302691936 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.302794933 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.302812099 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.302823067 CEST	49784	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.302829981 CEST	443	49784	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.308796883 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.308805943 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.308978081 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.309108973 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.309122086 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.323402882 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.330368996 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.334536076 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.334650040 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.334726095 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.334959030 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.334959030 CEST	49785	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.334975958 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.334985971 CEST	443	49785	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.337357998 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.337394953 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.337601900 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.337953091 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.337965012 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.354140997 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.354212046 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.354312897 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.354330063 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.354341030 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.354351044 CEST	49787	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.354356050 CEST	443	49787	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.355952024 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.355994940 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.356070995 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356142998 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356158018 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.356189966 CEST	49786	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356197119 CEST	443	49786	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.356595039 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356632948 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.356724024 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356872082 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.356887102 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.357947111 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.357976913 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.358047962 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.358144999 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.358159065 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.396208048 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.397006989 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.397094965 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.397798061 CEST	49782	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.397819996 CEST	443	49782	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.490132093 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.491308928 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.491370916 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.492176056 CEST	49788	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:22.492183924 CEST	443	49788	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:22.530411005 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.571418047 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801233053 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801322937 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801409006 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801419973 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.801450014 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801573038 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801616907 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.801626921 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.801665068 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.802884102 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.803035975 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.803328037 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.817903996 CEST	49724	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:08:22.817944050 CEST	443	49724	142.250.185.100	192.168.2.6
Oct 7, 2024 22:08:22.895195007 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:22.895343065 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:22.919342041 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.925698042 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.959467888 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:22.959494114 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:22.959753990 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:22.972594023 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.972594023 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.973238945 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.977452040 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.980463028 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.980487108 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.980889082 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.980895042 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.980906963 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.995814085 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.995836020 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.996366978 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.996372938 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.996737003 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.996763945 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.997104883 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:22.997109890 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:22.999954939 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.000426054 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.000431061 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.000797033 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.000802040 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.006967068 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.006985903 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.007527113 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.007531881 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.036236048 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.074140072 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.074193954 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.074275970 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.074505091 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.074522018 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.074538946 CEST	49796	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.074544907 CEST	443	49796	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.076984882 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.077003002 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.077068090 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.077272892 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.077280998 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.079402924 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.089397907 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.089482069 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.089581966 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.089618921 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.089618921 CEST	49793	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.089637041 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.089648962 CEST	443	49793	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.091161966 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.091173887 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.091326952 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.091413021 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.091418028 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.092730045 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.092835903 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.092916012 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.092966080 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.092971087 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.092993021 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.093003035 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.093010902 CEST	49797	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.093015909 CEST	443	49797	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.093024969 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.093066931 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.093071938 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.093081951 CEST	49794	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.093087912 CEST	443	49794	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.095213890 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.095305920 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.095400095 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.095451117 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.095488071 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.095700026 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.095750093 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.095787048 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.096113920 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.096153021 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.098920107 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.098993063 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.099244118 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.099275112 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.099284887 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.099296093 CEST	49795	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.099299908 CEST	443	49795	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.100879908 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.100908995 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.100960970 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.101052046 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.101063967 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.255911112 CEST	49704	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.255911112 CEST	49704	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.255940914 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256002903 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256022930 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256053925 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256062984 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256091118 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256092072 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256109953 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256112099 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256129026 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256154060 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256299019 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256359100 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.256366014 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256478071 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.256546974 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.260734081 CEST	443	49704	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:23.260838032 CEST	443	49704	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:23.265310049 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.265321016 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.265361071 CEST	49792	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:23.265368938 CEST	443	49792	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:23.272453070 CEST	49806	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.272547007 CEST	443	49806	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:23.272761106 CEST	49806	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.275350094 CEST	49806	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.275410891 CEST	443	49806	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:23.815323114 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.815913916 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.816008091 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.816203117 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.816217899 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.818828106 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.819055080 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.819211006 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.819242001 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.819566011 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.819571972 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.819591999 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.819613934 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.819972992 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.819988966 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.832911968 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.833199024 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.833245993 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.833508015 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.833514929 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.848609924 CEST	443	49806	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:23.848824978 CEST	49806	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:23.911660910 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.911711931 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.911895037 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.911895990 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.911895990 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.913913965 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.914062023 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.914129019 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914176941 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914180040 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914191961 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.914222956 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.914222956 CEST	49805	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914231062 CEST	443	49805	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.914294004 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914439917 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.914446115 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.916168928 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916258097 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.916357040 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916456938 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916481018 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.916604996 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.916666985 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.916806936 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916806936 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916829109 CEST	49801	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.916842937 CEST	443	49801	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.918675900 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.918699980 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.918770075 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.918905973 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.918930054 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.933765888 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.933911085 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.933971882 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.934041977 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.934042931 CEST	49804	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.934087992 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.934117079 CEST	443	49804	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.935904980 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.935918093 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:23.935977936 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.936095953 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:23.936110973 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.220623970 CEST	49803	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.220688105 CEST	443	49803	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.524934053 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.525377989 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.525409937 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.525778055 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.525783062 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.549071074 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.549396038 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.549411058 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.549717903 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.549721956 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.557883978 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.558180094 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.558240891 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.558484077 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.558496952 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.561856031 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.562138081 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.562151909 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.562480927 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.562489986 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.618887901 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.619174957 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.619232893 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.619275093 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.619275093 CEST	49808	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.619290113 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.619298935 CEST	443	49808	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.622818947 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.622858047 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.623162031 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.623261929 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.623271942 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.649893045 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.650048971 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.650099993 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.650144100 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.650151014 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.650161028 CEST	49811	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.650166035 CEST	443	49811	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.651880980 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.651936054 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.652053118 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.652164936 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.652179956 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.658592939 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.658747911 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.658801079 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.658901930 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.658919096 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.658931017 CEST	49809	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.658937931 CEST	443	49809	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.660958052 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.661001921 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.661108971 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.661237955 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.661256075 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.692413092 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.692481041 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.692743063 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.692953110 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.692960024 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.692990065 CEST	49810	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.692996025 CEST	443	49810	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.694967985 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.695013046 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.695090055 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.695334911 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.695353985 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.711065054 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.711421013 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.711440086 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:24.712793112 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:24.712799072 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.032140017 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.032325029 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.032449007 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.038362026 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.038362026 CEST	49802	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.038383961 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.038403034 CEST	443	49802	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.041723967 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.041775942 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.041874886 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.042062998 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.042073011 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.601877928 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.603576899 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.603621006 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.603707075 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.604338884 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.605357885 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.605381966 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606040955 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.606066942 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606230974 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.606240034 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606344938 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.606350899 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606393099 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.606396914 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606642008 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.606923103 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.606939077 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.607425928 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.607431889 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931195021 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931289911 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931293011 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931318998 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931345940 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931364059 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931369066 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931493998 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931514025 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931538105 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931544065 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931581020 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931590080 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931597948 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931606054 CEST	49814	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931611061 CEST	443	49814	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931678057 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931679010 CEST	49817	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.931708097 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.931721926 CEST	443	49817	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.932230949 CEST	49815	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.932255983 CEST	443	49815	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.933157921 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.933177948 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.933207989 CEST	49816	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.933214903 CEST	443	49816	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.934077024 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.935333967 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.935355902 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.935847044 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.935853004 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.936209917 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.936235905 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.936292887 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.936430931 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.936439991 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.936546087 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.936572075 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.936620951 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.937582970 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.937623978 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.937700033 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.937731028 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.937742949 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.937954903 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.937972069 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.938004971 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.938013077 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:25.938062906 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.938174963 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:25.938186884 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.093480110 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.093642950 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.093724012 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.093782902 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.093782902 CEST	49818	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.093810081 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.093823910 CEST	443	49818	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.097208977 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.097250938 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.097311020 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.097454071 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.097471952 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.557641029 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.558151007 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.558211088 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.558538914 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.558543921 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.565361977 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.566009998 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.566041946 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.566431046 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.566437006 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.579225063 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.579489946 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.579497099 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.581162930 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.581166983 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.582789898 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.583194017 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.583266973 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.583532095 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.583545923 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.652012110 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.652455091 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.652575016 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.652757883 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.652777910 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.652908087 CEST	49822	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.652914047 CEST	443	49822	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.655757904 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.655798912 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.655956984 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.658181906 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.658195019 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.663678885 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.663840055 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.664186954 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.664227962 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.664227962 CEST	49819	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.664246082 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.664256096 CEST	443	49819	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.666500092 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.666558027 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.667006016 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.667190075 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.667227030 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.678731918 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.678812981 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.679162979 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.679162979 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.679189920 CEST	49820	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.679199934 CEST	443	49820	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.681698084 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.681713104 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.682005882 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.682094097 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.682104111 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.682372093 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.682542086 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.682712078 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.682912111 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.682915926 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.682951927 CEST	49821	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.682955980 CEST	443	49821	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.686844110 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.686876059 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.687331915 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.687413931 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.687421083 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.705665112 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.710544109 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.710571051 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.711028099 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.711045980 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.803689957 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.803770065 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.803836107 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.804590940 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.804590940 CEST	49823	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.804610968 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.804619074 CEST	443	49823	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.807101965 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.807147980 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:26.807518005 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.807831049 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:26.807840109 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.283948898 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.285860062 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.285861015 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.285928965 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.286009073 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.291454077 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.291841984 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.291855097 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.292280912 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.292287111 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.318320990 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.318358898 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.319145918 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.319160938 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.319509029 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.319514036 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.319520950 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.319565058 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.319863081 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.319874048 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.381809950 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.381967068 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.382041931 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.382189989 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.382189989 CEST	49825	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.382205963 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.382214069 CEST	443	49825	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.386285067 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.386336088 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.386435986 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.386637926 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.386660099 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.389050007 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.389203072 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.389385939 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.389385939 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.389431953 CEST	49824	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.389441967 CEST	443	49824	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.391376019 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.391395092 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.391586065 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.391586065 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.391613960 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414033890 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414294958 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414356947 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414406061 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.414413929 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.414433002 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414582014 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.414582014 CEST	49827	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.414588928 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.414596081 CEST	443	49827	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.415071011 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.415096998 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.415102005 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.415143013 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.416068077 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.416106939 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.416106939 CEST	49826	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.416114092 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.416121006 CEST	443	49826	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.417090893 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.417112112 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.418401957 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.418401957 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.418435097 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.418451071 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.418456078 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.418570042 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.418570042 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.418598890 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.552597046 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.552680016 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.553425074 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.578248978 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.578248978 CEST	49828	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.578274012 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.578284025 CEST	443	49828	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.581787109 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.581837893 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:27.582226038 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.582880020 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:27.582895041 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.012151957 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.012634993 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.012701035 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.013132095 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.013151884 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.016556978 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.016995907 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.017035007 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.017400026 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.017416000 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.026490927 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.026803017 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.026823997 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.027179956 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.027184010 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.030086994 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.030385971 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.030474901 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.030736923 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.030759096 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.109608889 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.109761953 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.109837055 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.109941959 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.109942913 CEST	49829	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.109996080 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.110025883 CEST	443	49829	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.113224030 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.113267899 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.113400936 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.113686085 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.113702059 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.114854097 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.115000010 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.115063906 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.115127087 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.115127087 CEST	49830	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.115143061 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.115164995 CEST	443	49830	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.117959023 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.118062019 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.118159056 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.118417025 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.118454933 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.122359991 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.122421026 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.122497082 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.122620106 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.122637033 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.122689009 CEST	49831	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.122694969 CEST	443	49831	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.124566078 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.124588966 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.124716043 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.125044107 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.125058889 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.125555992 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.125708103 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.125791073 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.125951052 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.125988007 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.125994921 CEST	49832	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.126009941 CEST	443	49832	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.135343075 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.135380030 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.136077881 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.136487007 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.136502028 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.137433052 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.137525082 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.137603045 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.137725115 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.137746096 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.217876911 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.218336105 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.218352079 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.218725920 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.218732119 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.317337990 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.317414999 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.317464113 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.317619085 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.317636013 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.317646980 CEST	49833	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.317655087 CEST	443	49833	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.319914103 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.319955111 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.320101976 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.320247889 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.320266008 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.740469933 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.740796089 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.740814924 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.741175890 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.741516113 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.741581917 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.741758108 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.741777897 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:28.741786003 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:28.909245014 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.909749985 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.909789085 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.909971952 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.910222054 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.910229921 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.910492897 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.910528898 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.910912037 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.910918951 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.911345005 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.911664963 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.911698103 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.911983013 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.911992073 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.916188955 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.916733980 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.916795015 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:28.917114973 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:28.917129040 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331661940 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331664085 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331680059 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331711054 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331749916 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331753016 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331768036 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331808090 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.331830978 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.331837893 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.331861973 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.331931114 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:29.331938982 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.332021952 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:29.332056999 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.332078934 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:29.332091093 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.332108974 CEST	49835	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.332117081 CEST	443	49835	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.333380938 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.334494114 CEST	49837	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:29.334520102 CEST	443	49837	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:29.338846922 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.338864088 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.339274883 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.339279890 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.339508057 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.339508057 CEST	49834	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.339528084 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.339538097 CEST	443	49834	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.340363026 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.340379000 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.340389967 CEST	49836	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.340394974 CEST	443	49836	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.341649055 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.341671944 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.341686010 CEST	49838	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.341694117 CEST	443	49838	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.348005056 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.348042965 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.348373890 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.348406076 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.348422050 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.348447084 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.348788977 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.348798037 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.349061012 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.349076986 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.349363089 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.349370003 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.349414110 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.349515915 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.349522114 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.350430965 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.350442886 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.350516081 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.350616932 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.350630999 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.432651043 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.432740927 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.433176994 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.433213949 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.433213949 CEST	49839	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.433232069 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.433243990 CEST	443	49839	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.435558081 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.435592890 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.435674906 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.435798883 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.435810089 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.980648994 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.981357098 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.981414080 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.982031107 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.982040882 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.983704090 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.984143019 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.984170914 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.984538078 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.984541893 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.987431049 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.995007038 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.995021105 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:29.995369911 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:29.995373964 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.000179052 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.000466108 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.000504971 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.001095057 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.001101971 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.066639900 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.067290068 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.067328930 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.067930937 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.067941904 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.076647997 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.076713085 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.076929092 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.077006102 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.077029943 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.077040911 CEST	49843	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.077047110 CEST	443	49843	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.079823017 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.079866886 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.079926968 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.080091953 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.080099106 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.083062887 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.083086014 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.083143950 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.083157063 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.083185911 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.086442947 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.086463928 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.086472988 CEST	49841	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.086477995 CEST	443	49841	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.089039087 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.089052916 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.089097023 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.089323044 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.089332104 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.090507984 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.090573072 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.090682983 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.090748072 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.090755939 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.090763092 CEST	49842	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.090765953 CEST	443	49842	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.093208075 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.093293905 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.093451023 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.093744040 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.093769073 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.100852966 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.101026058 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.101080894 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.102478027 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.102499962 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.102511883 CEST	49840	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.102519035 CEST	443	49840	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.104827881 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.104907990 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.104974985 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.141410112 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.141490936 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.167979956 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.168004990 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.168072939 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.168077946 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.168126106 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.176110029 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.176134109 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.176145077 CEST	49844	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.176150084 CEST	443	49844	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.183984995 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.184047937 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.184237957 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.184427023 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.184451103 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.432193995 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:30.432255983 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:30.432334900 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:30.432862043 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:30.432878971 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:30.718007088 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.718460083 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.718473911 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.718874931 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.718879938 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.732395887 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.732875109 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.732917070 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.733241081 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.733246088 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.735578060 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.735908985 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.735960007 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.736284018 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.736289978 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.750686884 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.751008034 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.751029968 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.751415014 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.751421928 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.815660954 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.815684080 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.815737009 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.815747976 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.815805912 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.816004992 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.816008091 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.816037893 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.816143990 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.816171885 CEST	443	49845	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.816209078 CEST	49845	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.818434954 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.818512917 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.818732023 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.818871021 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.818903923 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827629089 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827656031 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827806950 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.827814102 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827874899 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827888012 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.827899933 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827912092 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.827919006 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.827935934 CEST	49846	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.827939034 CEST	443	49846	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.830081940 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.830111980 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.830173969 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.830307007 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.830316067 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.831141949 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.831290960 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.831337929 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.831403017 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.831403017 CEST	49847	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.831424952 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.831435919 CEST	443	49847	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.833307981 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.833347082 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.833559990 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.833667040 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.833683014 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.847786903 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.847945929 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.848011971 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.848130941 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.848176003 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.848213911 CEST	49848	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.848231077 CEST	443	49848	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.849956036 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.850011110 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.850073099 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.850207090 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.850233078 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.853199005 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.853518009 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.853540897 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.853895903 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.853899956 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.954046965 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.954210997 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.954288006 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.954390049 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.954413891 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.954427004 CEST	49849	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.954432011 CEST	443	49849	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.957600117 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.957643032 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:30.957755089 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.957937956 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:30.957943916 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.122315884 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.122400045 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.128227949 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.128241062 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.128650904 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.130417109 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.130470991 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.130477905 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.130600929 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.171411991 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.297905922 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.299777031 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.299803019 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.299904108 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.300478935 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.300486088 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.300937891 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.300956011 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.301314116 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.301317930 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.302712917 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.303438902 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.303539038 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.303751945 CEST	49850	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:32.303778887 CEST	443	49850	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:32.307476997 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.308474064 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.308490038 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.308859110 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.308864117 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.314331055 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.316693068 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.316730976 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.317130089 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.317143917 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.368741989 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.371721983 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.371753931 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.372100115 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.372104883 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.393944025 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.394284964 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.394424915 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.394763947 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.394789934 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.394805908 CEST	49851	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.394814014 CEST	443	49851	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.395996094 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.396064043 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.396138906 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.396279097 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.396292925 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.396301985 CEST	49852	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.396307945 CEST	443	49852	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.397423983 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.397458076 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.397531986 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.397634029 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.397644997 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.398241997 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.398293018 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.398359060 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.398426056 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.398438931 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.405113935 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.405167103 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.405237913 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.405363083 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.405379057 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.405394077 CEST	49855	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.405400991 CEST	443	49855	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.407139063 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.407181025 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.409199953 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.409782887 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.409801006 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.414479017 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.417903900 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.418235064 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.418291092 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.418309927 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.418322086 CEST	49854	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.418327093 CEST	443	49854	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.420258999 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.420296907 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.420376062 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.420484066 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.420495033 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.464417934 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.464797020 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.464898109 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.465104103 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.465126038 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.465153933 CEST	49853	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.465158939 CEST	443	49853	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.467417955 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.467468977 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:32.467562914 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.467684984 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:32.467700958 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.271747112 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.272301912 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.272439957 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.272469044 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.272874117 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.272880077 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.273097992 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.273128033 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.273442030 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.273448944 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.275943041 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.276295900 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.276312113 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.276727915 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.276735067 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.281032085 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.281383038 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.281390905 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.281769991 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.281774044 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.283706903 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.284228086 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.284245968 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.284966946 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.284971952 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.367762089 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.368567944 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.368653059 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.368704081 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.368725061 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.368736029 CEST	49856	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.368741989 CEST	443	49856	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.369519949 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.369554043 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.369600058 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.369601965 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.369647980 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.369815111 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.369841099 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.369853973 CEST	49858	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.369858980 CEST	443	49858	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.371577978 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371627092 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.371645927 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371651888 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.371695995 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371728897 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371867895 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371867895 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.371880054 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.371895075 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.373675108 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.373750925 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.373802900 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.373905897 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.373924971 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.373943090 CEST	49857	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.373950005 CEST	443	49857	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.376019955 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.376051903 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.376130104 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.376260996 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.376272917 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.380618095 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.380690098 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.380752087 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.381021023 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.381037951 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.381048918 CEST	49859	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.381056070 CEST	443	49859	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.383255959 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.383292913 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.383367062 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.383495092 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.383507013 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385528088 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385629892 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385675907 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.385695934 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385745049 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385766029 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.385783911 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385793924 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.385793924 CEST	49860	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.385802984 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.385809898 CEST	443	49860	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.387674093 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.387711048 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:33.387767076 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.387976885 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:33.387990952 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.036876917 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.036962986 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.037179947 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.037471056 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.037478924 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.037542105 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.037554979 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.037889004 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.037904024 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.037940979 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.037962914 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.038038969 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.038060904 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.038248062 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.038255930 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.038734913 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.038961887 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.038999081 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.039239883 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.039247990 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.039979935 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.040189981 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.040213108 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.040452957 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.040462971 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.351994038 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352037907 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352129936 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352210045 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352248907 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352248907 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352263927 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352369070 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352376938 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352411985 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352426052 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352457047 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352459908 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352464914 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352482080 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352483988 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352495909 CEST	49865	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352502108 CEST	443	49865	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352535963 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352669001 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352703094 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352714062 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352730989 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352763891 CEST	49864	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352778912 CEST	443	49864	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352896929 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352919102 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.352930069 CEST	49861	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.352936029 CEST	443	49861	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.353440046 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.353456020 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.353466034 CEST	49863	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.353471041 CEST	443	49863	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.354477882 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.354502916 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.354517937 CEST	49862	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.354523897 CEST	443	49862	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.355878115 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.355901957 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.355971098 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.356009007 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.356060982 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.356115103 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.356118917 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.356123924 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.356919050 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.356960058 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357019901 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357044935 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357073069 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357181072 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357191086 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357268095 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357300997 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357352972 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357425928 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357433081 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357855082 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357861996 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.357913971 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.357995987 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.358000040 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.982089996 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.982495070 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.982516050 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.982898951 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.982903004 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.984699011 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.984875917 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985011101 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985013008 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985047102 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985141993 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985157967 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985337973 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985363960 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985573053 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985586882 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985652924 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985661030 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:34.985918045 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:34.985923052 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.079782009 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.079816103 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.079986095 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080053091 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.080239058 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080280066 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.080280066 CEST	49866	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.080295086 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.080298901 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080308914 CEST	443	49866	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080311060 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080367088 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080409050 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.080534935 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080821037 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.080862045 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.081440926 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.081455946 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.081475019 CEST	49870	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.081480980 CEST	443	49870	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.081715107 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.081988096 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.082037926 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.082045078 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.082077980 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.083502054 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.083532095 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.083545923 CEST	49868	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.083551884 CEST	443	49868	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.083611012 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.083616018 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.083642960 CEST	49869	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.083646059 CEST	443	49869	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.085781097 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.085819960 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.085884094 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.085943937 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.085979939 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086033106 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086384058 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086422920 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086500883 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086502075 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086524963 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086529016 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086540937 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086580992 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086607933 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086620092 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086677074 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086683035 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.086690903 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.086698055 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.713314056 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.713834047 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.713864088 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.714328051 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.714333057 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.721349001 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.721812963 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.721849918 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.722062111 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.722213030 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.722218037 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.722296000 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.722337961 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.722635031 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.722641945 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.754327059 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.754931927 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.754977942 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:35.755264997 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:35.755270958 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192543030 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192621946 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192667007 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192682028 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.192739964 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192781925 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.192785025 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192842960 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.192852974 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192883015 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.192898989 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.192909002 CEST	49873	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.192922115 CEST	443	49873	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.193252087 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.193278074 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.193290949 CEST	49872	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.193295956 CEST	443	49872	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.193506956 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.193526030 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.193536997 CEST	49871	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.193542957 CEST	443	49871	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.197160959 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.197186947 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.197241068 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198096037 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198131084 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.198189974 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198718071 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198760033 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.198820114 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198885918 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.198899031 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.198995113 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.199006081 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.199135065 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.199146986 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.287489891 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.287585020 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.287717104 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.287761927 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.287794113 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.287903070 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.287923098 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.287933111 CEST	49874	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.287938118 CEST	443	49874	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.290712118 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.290765047 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:36.290853977 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.291014910 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:36.291027069 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.052352905 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.053913116 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.053949118 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.054341078 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.054353952 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.054893017 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.057209015 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.090300083 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.090341091 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.090763092 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.090766907 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.090996027 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.091048002 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.091300964 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.091311932 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.152966022 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.153088093 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.153227091 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.155069113 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.155069113 CEST	49877	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.155092955 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.155103922 CEST	443	49877	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.187980890 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.188148022 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.188210964 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.200299025 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.200319052 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.200375080 CEST	49875	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.200381041 CEST	443	49875	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.216912985 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.217077971 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.217159986 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.240478039 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.247728109 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.247781038 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.247816086 CEST	49876	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.247847080 CEST	443	49876	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.249758959 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.249799013 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.250341892 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.250353098 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.282378912 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.282429934 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.282524109 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.284544945 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.284588099 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.284636974 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.284883022 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.284895897 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.285305023 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.285316944 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.285829067 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.285866976 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.285927057 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.286024094 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.286034107 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348026037 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348100901 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348144054 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.348171949 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348222971 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348262072 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.348391056 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.348408937 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.348417997 CEST	49878	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.348423958 CEST	443	49878	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.351453066 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.351505041 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.351584911 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.351708889 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.351718903 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.891192913 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.892040014 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.892071009 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.892570972 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.892575026 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.896822929 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.897164106 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.897192001 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.897557974 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.897563934 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.920394897 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.920770884 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.920800924 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.921169996 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.921175957 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.981416941 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.982003927 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.982084990 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.982392073 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.982405901 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.988106966 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.988169909 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.988218069 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.988362074 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.988362074 CEST	49881	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.988399029 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.988424063 CEST	443	49881	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.991106987 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.991139889 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.991200924 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.991306067 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.991311073 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.993421078 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.994106054 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.994163990 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.994184017 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.994191885 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.994199991 CEST	49880	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.994203091 CEST	443	49880	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.995944023 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.995979071 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:37.996036053 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.996133089 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:37.996141911 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.019275904 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.019486904 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.019565105 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.019651890 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.019651890 CEST	49879	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.019696951 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.019722939 CEST	443	49879	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.021470070 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.021552086 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.021631956 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.021739006 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.021760941 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.076030016 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.076059103 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.076103926 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.076154947 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.076200962 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.076432943 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.076452971 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.076464891 CEST	49882	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.076469898 CEST	443	49882	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.079313040 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.079344034 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.079832077 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.079832077 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.079860926 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.626564980 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.627137899 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.627156973 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.627701998 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.627708912 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.650249004 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.650719881 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.650748968 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.651175976 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.651182890 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.660736084 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.661103010 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.661128044 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.661562920 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.661570072 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.698267937 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.698730946 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.698746920 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.699131012 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.699136019 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.725258112 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.725436926 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.725601912 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.725601912 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.727926016 CEST	49883	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.727929115 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.727946043 CEST	443	49883	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.727976084 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.728045940 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.728183985 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.728195906 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.754924059 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.755096912 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.755171061 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.756107092 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.756124973 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.756145000 CEST	49885	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.756149054 CEST	443	49885	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.758541107 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.758589983 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.758662939 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.758790016 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.758800983 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.766566992 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.766855955 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.766907930 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.766937017 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.766952038 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.766963005 CEST	49884	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.766967058 CEST	443	49884	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.769634008 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.769674063 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.769746065 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.769862890 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.769876957 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.800822973 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.800851107 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.800895929 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.800936937 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.800970078 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.801179886 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.801192999 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.801206112 CEST	49886	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.801211119 CEST	443	49886	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.803565979 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.803584099 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:38.803658962 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.803759098 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:38.803766012 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.170519114 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.171011925 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.171049118 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.171490908 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.171497107 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.280189037 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.280417919 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.280595064 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.280595064 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.280595064 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.282720089 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.282763004 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.282838106 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.282953978 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.282962084 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.354202986 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.354660988 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.354687929 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.355060101 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.355067015 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.396472931 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.399749994 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.399777889 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.400119066 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.400125027 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.412868977 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.416412115 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.416446924 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.416687965 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.416697025 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.421490908 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.421753883 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.421771049 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.422065020 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.422070026 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.451729059 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.452223063 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.452311993 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.452354908 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.452373981 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.452383995 CEST	49887	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.452389002 CEST	443	49887	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.454701900 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.454734087 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.454801083 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.454914093 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.454921961 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.495201111 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.495285988 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.495337963 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.495349884 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.495393991 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.510772943 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.511267900 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.511339903 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.517029047 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.517123938 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.517168999 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.517179966 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.517209053 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.554145098 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.554187059 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.554199934 CEST	49888	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.554205894 CEST	443	49888	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.555118084 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.555133104 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.555145025 CEST	49889	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.555150032 CEST	443	49889	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.555710077 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.555715084 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.555725098 CEST	49890	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.555727959 CEST	443	49890	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.577671051 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.577718973 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.577914000 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.582541943 CEST	49867	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.582573891 CEST	443	49867	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.587443113 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.587472916 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.587534904 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.590290070 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.590312958 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.590677977 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.590692997 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.596364021 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.596405983 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:39.596484900 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.596584082 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:39.596594095 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.430409908 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.430824041 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.430850029 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.431232929 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.431238890 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.446837902 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.447249889 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.447268009 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.447635889 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.447639942 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.529544115 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.529938936 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.530014992 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.530049086 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.530071974 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.530086994 CEST	49891	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.530092955 CEST	443	49891	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.532879114 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.532987118 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.533087015 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.533269882 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.533308983 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.549818993 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.550221920 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.550266027 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.550268888 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.550313950 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.550355911 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.550374031 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.550383091 CEST	49892	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.550388098 CEST	443	49892	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.552511930 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.552548885 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.552614927 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.552719116 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.552728891 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.899687052 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.900476933 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.900546074 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.900795937 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.900811911 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.901698112 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.901936054 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.901956081 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.902215004 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.902220964 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.961101055 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.961512089 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.961541891 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.961760044 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.961767912 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.996079922 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.996346951 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.996512890 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.996512890 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.996512890 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.998724937 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.998764992 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:40.998831987 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.998943090 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:40.998958111 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.001629114 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.001926899 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.002034903 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.002065897 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.002094030 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.002124071 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.002140999 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.002150059 CEST	49895	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.002155066 CEST	443	49895	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.004225016 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.004266024 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.004339933 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.004455090 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.004468918 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.066845894 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.067003965 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.067075968 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.067147970 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.067147970 CEST	49893	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.067186117 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.067210913 CEST	443	49893	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.069314957 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.069363117 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.069438934 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.069583893 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.069588900 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.154293060 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.154759884 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.154783964 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.155149937 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.155154943 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.160079956 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.162297964 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.162319899 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.162739038 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.162744999 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.253081083 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.253787041 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.253839970 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.254272938 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.254296064 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.254316092 CEST	49896	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.254321098 CEST	443	49896	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.255773067 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.256239891 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.256298065 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.256331921 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.256351948 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.256362915 CEST	49897	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.256369114 CEST	443	49897	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.257438898 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.257472038 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.257530928 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.257862091 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.257869005 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.258539915 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.258550882 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.258600950 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.258718967 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.258729935 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.299668074 CEST	49894	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:41.299694061 CEST	443	49894	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.943890095 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.947583914 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.948658943 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.951749086 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.957106113 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:41.985940933 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.001560926 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.004201889 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.004205942 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.004205942 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.073242903 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.073254108 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.073646069 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.073649883 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.073834896 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.073847055 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.074131012 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.074135065 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.074297905 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.074309111 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.074589968 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.074594021 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.074745893 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.074795008 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.075023890 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.075035095 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.075169086 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.075174093 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.075444937 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.075448036 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.165318012 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.165628910 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.165751934 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.165807009 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.165986061 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.166307926 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.168045044 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.168060064 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.168068886 CEST	49900	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.168072939 CEST	443	49900	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.168086052 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.168519020 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.168829918 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.168829918 CEST	49901	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.168843031 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.168850899 CEST	443	49901	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.169203997 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.169270992 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.169452906 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.169490099 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.169517994 CEST	49899	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.169532061 CEST	443	49899	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.170502901 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.170675993 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.170727968 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.170734882 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.170804024 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.170970917 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.171073914 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.171084881 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.171092987 CEST	49898	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.171097040 CEST	443	49898	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.171278954 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.171329975 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.171452045 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.171675920 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.171694994 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.171917915 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.172847033 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.172883987 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.172955990 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.172996998 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.173033953 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.173046112 CEST	49902	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.173054934 CEST	443	49902	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.173082113 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.173183918 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.173197031 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.175295115 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.175306082 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.175364017 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.175544024 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.175580978 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.175703049 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.175719023 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.176194906 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.176207066 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.176728964 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.176748991 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.176825047 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.176984072 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.177007914 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.816843033 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.817325115 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.817333937 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.817348003 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.817653894 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.817696095 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.817703009 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.817800045 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.817804098 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.818073988 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.818073988 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.818078995 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.818105936 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.818420887 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.818425894 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.821120977 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.821383953 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.821415901 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.821659088 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.821664095 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.836374044 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.836723089 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.836745977 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.837012053 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.837018967 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912435055 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912518024 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912578106 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.912590981 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912607908 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912651062 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.912837982 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.912852049 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.912859917 CEST	49905	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.912864923 CEST	443	49905	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.914040089 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.914587975 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.914633989 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.914663076 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.914666891 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.914697886 CEST	49906	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.914700985 CEST	443	49906	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.915322065 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.915412903 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.915497065 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.915635109 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.915652990 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916076899 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916126013 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916177034 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916268110 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916290045 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916301012 CEST	49904	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916306973 CEST	443	49904	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916431904 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916459084 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.916518927 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916605949 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.916613102 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.917774916 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.917949915 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.918008089 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918042898 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918044090 CEST	49903	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918056965 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.918064117 CEST	443	49903	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.918190956 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918203115 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.918247938 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918351889 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.918359995 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.919739962 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.919763088 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.919835091 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.919929981 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.919959068 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.937947989 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.938005924 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.938100100 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.938251019 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.938251019 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.938251019 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.938251972 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.938298941 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.940249920 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.940273046 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:42.940334082 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.940443039 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:42.940453053 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.252326965 CEST	49907	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.252347946 CEST	443	49907	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.398523092 CEST	443	49806	173.222.162.64	192.168.2.6
Oct 7, 2024 22:08:43.398606062 CEST	49806	443	192.168.2.6	173.222.162.64
Oct 7, 2024 22:08:43.581764936 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.582084894 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.582199097 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.582262039 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.582495928 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.582529068 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.582600117 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.582613945 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.582740068 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.582746983 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.587579966 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.587805033 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.587811947 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.588093042 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.588098049 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.589427948 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.589757919 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.589773893 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.590080023 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.590084076 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680046082 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680185080 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680211067 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680284977 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.680386066 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.680399895 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680408001 CEST	49910	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.680413008 CEST	443	49910	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.680847883 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.681966066 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.682066917 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.682308912 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.682363033 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.682698011 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.682712078 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.682756901 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.682756901 CEST	49911	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.682791948 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.682813883 CEST	443	49911	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.683159113 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.683191061 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.684227943 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.684340000 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.684346914 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.684530020 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.684535980 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.684588909 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.684712887 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.684726000 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.687160969 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.687298059 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.687349081 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.687405109 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.687414885 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.687442064 CEST	49912	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.687447071 CEST	443	49912	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.689178944 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.689196110 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.689260006 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.689349890 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.689356089 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.692150116 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.692188978 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.692312002 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.692332029 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.692337036 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.692344904 CEST	49909	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.692348003 CEST	443	49909	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.693949938 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.693975925 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.694164991 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.694165945 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.694191933 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.817187071 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.817342997 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.817543983 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.817713976 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.817713976 CEST	49908	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.817759991 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.817789078 CEST	443	49908	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.819698095 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.819786072 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:43.819878101 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.819977045 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:43.819996119 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.324373007 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.328013897 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.328468084 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.328468084 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.328490019 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.328500986 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.328860998 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.328866005 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.328887939 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.328891993 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.329847097 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.330462933 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.330480099 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.330784082 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.330789089 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.349499941 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.351047993 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.351063967 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.351524115 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.351528883 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.422204018 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.422353029 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.422415972 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.422569990 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.422583103 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.422591925 CEST	49913	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.422595978 CEST	443	49913	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.424380064 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.424773932 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.424840927 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.425702095 CEST	49915	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.425714970 CEST	443	49915	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.426678896 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.426769018 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.426845074 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.427040100 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.427062988 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.427603960 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.427634001 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.427777052 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.427886963 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.427900076 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432073116 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432636976 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432678938 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432682991 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.432796955 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.432806015 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432815075 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.432817936 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.432838917 CEST	49914	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.432842016 CEST	443	49914	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.434959888 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.434972048 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.435151100 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.435278893 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.435291052 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.448690891 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.448955059 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.449016094 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.449114084 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.449125051 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.449132919 CEST	49916	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.449137926 CEST	443	49916	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.451055050 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.451071024 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:44.451122999 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.451217890 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:44.451224089 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.038083076 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.038495064 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.038548946 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.038938999 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.038950920 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.062896013 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.063215017 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.063251972 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.063559055 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.063565016 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.071607113 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.071985006 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.072005987 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.072340965 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.072346926 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.086669922 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.086954117 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.086972952 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.087240934 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.087244987 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.133519888 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.133572102 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.133687973 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.133693933 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.133755922 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.133908033 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.133940935 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.133970022 CEST	49918	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.133984089 CEST	443	49918	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.136636972 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.136682987 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.136764050 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.136920929 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.136934996 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.159859896 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.160059929 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.160093069 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.160105944 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.160134077 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.160177946 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.160192966 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.160202026 CEST	49920	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.160207987 CEST	443	49920	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.161977053 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.161993027 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.162066936 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.162170887 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.162184000 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.176881075 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.177097082 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.177143097 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.177164078 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.177174091 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.177191019 CEST	49921	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.177195072 CEST	443	49921	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.179260015 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.179296970 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.179378986 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.179488897 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.179517031 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.187978029 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.188046932 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.188148975 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.188153982 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.188256979 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.188317060 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.188329935 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.188338995 CEST	49919	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.188343048 CEST	443	49919	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.189958096 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.189975023 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.190045118 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.190138102 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.190145969 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.748456955 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.749061108 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.749078989 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.749403000 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.749407053 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.804425001 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.804894924 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.804960012 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.805150032 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.805165052 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.809838057 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.810077906 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.810105085 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.810359955 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.810364962 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.831125021 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.831429958 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.831459999 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.831775904 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.831780910 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.848850965 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.848917961 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.848999023 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.849014044 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.849030018 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.849174023 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.849251032 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.849266052 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.849275112 CEST	49922	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.849282026 CEST	443	49922	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.851524115 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.851551056 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.851619005 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.851722956 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.851727962 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.908476114 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.908770084 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.908934116 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.908934116 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.908934116 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.910686016 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.910747051 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:45.910820007 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.910914898 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:45.910934925 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.220226049 CEST	49923	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.220243931 CEST	443	49923	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.328975916 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.328994036 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329034090 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329068899 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.329232931 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.329274893 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.329274893 CEST	49924	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.329305887 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329324007 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329329967 CEST	443	49924	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329394102 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329504967 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.329551935 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.330271006 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.330286026 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.330296040 CEST	49925	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.330302000 CEST	443	49925	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.332864046 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.332920074 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.332992077 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.333916903 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.334007025 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.334013939 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.334024906 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.334089041 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.334178925 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.334207058 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.517010927 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.523509026 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.525161028 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.525182962 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.528119087 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.528124094 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.530992031 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.531059980 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.534348011 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.534360886 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.854974031 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.855051041 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.855118990 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.855143070 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.855176926 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.855317116 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.855339050 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.855339050 CEST	49926	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.855351925 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.855359077 CEST	443	49926	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.856144905 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.856309891 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.856369972 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.856436968 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.856437922 CEST	49917	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.856475115 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.856498003 CEST	443	49917	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.857669115 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.857774973 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.857860088 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.857963085 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.857983112 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.858230114 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.858270884 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.858329058 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.858400106 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.858416080 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.910167933 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.910651922 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.910716057 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.911032915 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.911047935 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.974550962 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.975090981 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.975109100 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:46.975418091 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:46.975421906 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.044503927 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.044681072 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.045001030 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.045001030 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.045001030 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.047077894 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.047111988 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.047174931 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.047301054 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.047305107 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.050864935 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.051223993 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.051265955 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.051599026 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.051613092 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.139127970 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.139261007 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.139525890 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.139525890 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.139525890 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.141936064 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.142040014 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.142148018 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.142501116 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.142585039 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.160887957 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.161696911 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.161868095 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.161868095 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.161868095 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.163670063 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.163758039 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.163846970 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.163944960 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.163984060 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.239288092 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.239644051 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.239658117 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.240034103 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.240036964 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.245151997 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.246265888 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.246360064 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.246493101 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.246510029 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.346116066 CEST	49929	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.346185923 CEST	443	49929	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.439579964 CEST	49928	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.439598083 CEST	443	49928	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.470968008 CEST	49927	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.471015930 CEST	443	49927	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.665982008 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666004896 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666065931 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666085005 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666193008 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666265965 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666336060 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666342020 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666342020 CEST	49930	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666388035 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666415930 CEST	443	49930	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666444063 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666480064 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666500092 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.666512966 CEST	49931	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.666521072 CEST	443	49931	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.669060946 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669089079 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.669121027 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669152021 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.669156075 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669194937 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669270039 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669275045 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:48.669323921 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:48.669359922 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.132785082 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.133372068 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.133490086 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.133697987 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.133713961 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.157881021 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.158272028 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.158301115 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.158684969 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.158689022 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.160446882 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.160813093 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.160855055 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.161175013 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.161183119 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.232243061 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.232371092 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.232505083 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.232600927 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.232647896 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.232698917 CEST	49933	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.232717037 CEST	443	49933	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.234875917 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.234963894 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.235054016 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.235177040 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.235193014 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259021997 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259093046 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259147882 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.259165049 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259198904 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259242058 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.259242058 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.259262085 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.259272099 CEST	49932	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.259277105 CEST	443	49932	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.261409044 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.261431932 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.261502028 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.261610985 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.261626005 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263044119 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263180971 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263231993 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.263273001 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263310909 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263355970 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.263432980 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.263432980 CEST	49934	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.263462067 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.263484001 CEST	443	49934	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.265139103 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.265216112 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.265296936 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.265429020 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.265460968 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.578102112 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.578583956 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.578603983 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.578970909 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.578975916 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.593966007 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.594297886 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.594333887 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.594604969 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.594616890 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983118057 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983179092 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983232021 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.983409882 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.983423948 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983433008 CEST	49935	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.983438015 CEST	443	49935	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983689070 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983835936 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.983930111 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.984009981 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.984009981 CEST	49936	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.984052896 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.984078884 CEST	443	49936	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.986110926 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986176968 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986180067 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.986236095 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.986259937 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986295938 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986421108 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986423969 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:49.986439943 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:49.986455917 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.165965080 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.166431904 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.166524887 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.166826010 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.166841030 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.170561075 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.170821905 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.170900106 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.171139956 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.171154022 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.177445889 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.177763939 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.177794933 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.178085089 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.178096056 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.260827065 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.261039019 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.261106014 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.261161089 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.261161089 CEST	49937	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.261195898 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.261228085 CEST	443	49937	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.263447046 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.263474941 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.263531923 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.263681889 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.263693094 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.267465115 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.267759085 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.267818928 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.267870903 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.267870903 CEST	49939	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.267904043 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.267930031 CEST	443	49939	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.270986080 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.271053076 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.271121025 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.271219969 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.271236897 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.279021025 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.279217958 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.279273987 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.279308081 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.279308081 CEST	49938	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.279323101 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.279346943 CEST	443	49938	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.281224012 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.281287909 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.281364918 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.281481981 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.281502008 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.627728939 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.628583908 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.628683090 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.629143953 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.629183054 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.629266024 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.629559994 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.629611015 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.629950047 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.629961967 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.726748943 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.726834059 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.726910114 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.726922035 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.726985931 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.727082968 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.727123022 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.727144957 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.727170944 CEST	49941	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.727185965 CEST	443	49941	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.728099108 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.728177071 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.728240013 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.728240013 CEST	49940	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.728275061 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.728308916 CEST	443	49940	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.729451895 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.729482889 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.729567051 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.729662895 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.729670048 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.730149031 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.730154991 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.730216026 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.730321884 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.730329990 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.904432058 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.904572010 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.904954910 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.904975891 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.905014038 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.905023098 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.905344963 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.905354977 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.905365944 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.905386925 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.908699989 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.908998966 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.909082890 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:50.909358025 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:50.909372091 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235490084 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235541105 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235600948 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235624075 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.235641956 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235658884 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.235671043 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235742092 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235790014 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235799074 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.235831976 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235858917 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.235937119 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.235985994 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.236145020 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.236145020 CEST	49942	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.236175060 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.236188889 CEST	443	49942	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.243695974 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.243731976 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.243777037 CEST	49943	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.243788004 CEST	443	49943	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.244278908 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.244278908 CEST	49944	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.244345903 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.244378090 CEST	443	49944	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.248886108 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.248936892 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.249023914 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.249490976 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.249581099 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.249665022 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.249936104 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.249975920 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.250027895 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.250062943 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.250112057 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.250149012 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.250190020 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.250202894 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.250219107 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.423346043 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.423893929 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.457628012 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.457669020 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.470066071 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.489741087 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.489758968 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.490494967 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.490502119 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.492065907 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.492070913 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.585180044 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.586097002 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.586157084 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.586199999 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.586214066 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.586222887 CEST	49945	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.586226940 CEST	443	49945	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.587964058 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:51.588006020 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:51.588076115 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:51.588155031 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588227987 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588280916 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.588288069 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588330984 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588381052 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.588412046 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.588416100 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588423014 CEST	49946	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.588426113 CEST	443	49946	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.588989019 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:51.589004040 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:51.589577913 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.589684010 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.589766026 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.589899063 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.589943886 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.590085983 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.590109110 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.590178013 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.590262890 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.590289116 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.676157951 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:51.676192045 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:51.676263094 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:51.676526070 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:51.676531076 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:51.861674070 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.862399101 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.862467051 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.862792015 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.862848043 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.904231071 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.904697895 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.904717922 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.904943943 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.905035019 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.905041933 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.905208111 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.905241013 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.905514956 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.905524969 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.956995964 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.957050085 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.957165003 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.957237005 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.957237959 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.957374096 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.957375050 CEST	49948	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.957422018 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.957453966 CEST	443	49948	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.959438086 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.959475994 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:51.959542990 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.959641933 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:51.959649086 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.002886057 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003000975 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003046036 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003057003 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003112078 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003154039 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003191948 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003268957 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003304005 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003304005 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003304005 CEST	49949	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003326893 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003329992 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.003339052 CEST	443	49949	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003670931 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003756046 CEST	443	49947	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.003916979 CEST	49947	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005615950 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005660057 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005687952 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.005754948 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.005768061 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005840063 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005907059 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005934000 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.005944014 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.005969048 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.212302923 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.212896109 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.212968111 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.213198900 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.213213921 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.216500044 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.216743946 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.216762066 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.217021942 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.217032909 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.294112921 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.294358969 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.294377089 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.295608044 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.295876026 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.296029091 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.296029091 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.296036959 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.296051979 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.310061932 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.310142040 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.312377930 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.312377930 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.312377930 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.312782049 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.312810898 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.312879086 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.313047886 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.313059092 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.316927910 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.317450047 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.317512989 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.317550898 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.317590952 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.317656040 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.317656040 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.317656040 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.319890022 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.319900990 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.319952011 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.320084095 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.320091963 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.343396902 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.345046043 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.350200891 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.350281000 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.352013111 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.352025032 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.352226019 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.353759050 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.353813887 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.353821039 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.353919983 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.399394989 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.506469965 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.508065939 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.508183002 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.508244991 CEST	49953	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:52.508265972 CEST	443	49953	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:52.524518967 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.525003910 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.525007010 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.525034904 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.525053978 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.525063038 CEST	49950	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:08:52.525069952 CEST	443	49950	40.115.3.253	192.168.2.6
Oct 7, 2024 22:08:52.532604933 CEST	49951	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.532604933 CEST	49952	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.532648087 CEST	443	49951	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.532670021 CEST	443	49952	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.620448112 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.621066093 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.621131897 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.621507883 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.621562958 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.627960920 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.628299952 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.628330946 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.628586054 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.628613949 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.633104086 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.633312941 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.633323908 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.633589983 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.633594990 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.716732025 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.716883898 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.717125893 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.717127085 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.717127085 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.719609022 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.719688892 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.719791889 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.719932079 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.719952106 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.724046946 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.724109888 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.724215984 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.724221945 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.724263906 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.724303007 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.724330902 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.724345922 CEST	49955	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.724354029 CEST	443	49955	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.726583004 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.726651907 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.726737022 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.726854086 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.726872921 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.737467051 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.737926960 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.737978935 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.737998009 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.738029003 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.738079071 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.738111973 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.738123894 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.738142967 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.738151073 CEST	49954	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.738156080 CEST	443	49954	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.740323067 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.740411997 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.740506887 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.740628004 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.740659952 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.931026936 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.931555986 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.931577921 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.932147026 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.932152033 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.952452898 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.952774048 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.952791929 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:52.953244925 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:52.953248978 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.019085884 CEST	49956	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.019164085 CEST	443	49956	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.034688950 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.034837961 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.035253048 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.035276890 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.035291910 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.035309076 CEST	49957	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.035314083 CEST	443	49957	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.037921906 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.037961960 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.038244963 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.038244963 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.038397074 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049207926 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049280882 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049349070 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.049356937 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049391985 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049504042 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.049511909 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049521923 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.049525023 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.049546957 CEST	49958	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.049550056 CEST	443	49958	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.051997900 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.052078962 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.052172899 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.052319050 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.052351952 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.287327051 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.287360907 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.287589073 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.287775040 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.287780046 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.333667040 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.333717108 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.333909035 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.334194899 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.334280014 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.349812031 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.350500107 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.350563049 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.350877047 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.350895882 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.371100903 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.371736050 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.371771097 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.371800900 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.372140884 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.372196913 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.372323990 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.372359991 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.372865915 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.372876883 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.449760914 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.449893951 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.450056076 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.450124979 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.450124979 CEST	49961	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.450146914 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.450158119 CEST	443	49961	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.453259945 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.453315020 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.453586102 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.453656912 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.453680038 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.467809916 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468358040 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468419075 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.468445063 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468524933 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.468544006 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468579054 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.468615055 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468637943 CEST	49960	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.468650103 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.468672037 CEST	443	49960	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.471285105 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.471364975 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.471460104 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.471673012 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.471679926 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.471705914 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.471802950 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.471863031 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.472094059 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.472094059 CEST	49959	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.472110033 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.472122908 CEST	443	49959	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.474246979 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.474284887 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.474468946 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.474647045 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.474662066 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.651030064 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.655745983 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.655832052 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.656230927 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.656251907 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.666337967 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.667733908 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.667768002 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.668272972 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.668278933 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.718559980 CEST	80	49705	217.20.57.42	192.168.2.6
Oct 7, 2024 22:08:53.718889952 CEST	49705	80	192.168.2.6	217.20.57.42
Oct 7, 2024 22:08:53.735594988 CEST	49705	80	192.168.2.6	217.20.57.42
Oct 7, 2024 22:08:53.740717888 CEST	80	49705	217.20.57.42	192.168.2.6
Oct 7, 2024 22:08:53.749599934 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.749779940 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.749886036 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.749938965 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.749962091 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.749974012 CEST	49962	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.749979019 CEST	443	49962	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.762521029 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.763202906 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.763318062 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.763324976 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.763425112 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.764139891 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.764139891 CEST	49963	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.764188051 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.764216900 CEST	443	49963	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.766057014 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.766154051 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.766244888 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.777616024 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.777698994 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.778947115 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.779032946 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.779162884 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.779309988 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:53.779337883 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:53.916002989 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.941047907 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.941092968 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.942512035 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.944735050 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.944914103 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.944925070 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.944935083 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.945045948 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.991664886 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.992633104 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.992657900 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.993172884 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.993740082 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.993824959 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.993896008 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.993911982 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:53.993932009 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:53.995239019 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:54.086671114 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.087163925 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.087188959 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.087769032 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.087774038 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.094877005 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.095190048 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.095279932 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.095643997 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.095663071 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.121884108 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.122178078 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.122243881 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.122503996 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.122517109 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.189367056 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.190156937 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.190207958 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.190207005 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.190288067 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.190325975 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.190347910 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.190362930 CEST	49968	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.190370083 CEST	443	49968	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.193007946 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.193042040 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.193105936 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.193227053 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.193238974 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.194407940 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.194538116 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.194593906 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.194648027 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.194648027 CEST	49966	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.194670916 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.194686890 CEST	443	49966	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.197067022 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.197110891 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.197182894 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.197324991 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.197338104 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.207521915 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.207665920 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.207731009 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:54.208098888 CEST	49964	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:54.208117962 CEST	443	49964	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.245299101 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.245882034 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.245939970 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.245979071 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.246000051 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.246012926 CEST	49967	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.246020079 CEST	443	49967	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.248862028 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.248920918 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.248996019 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.249115944 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.249131918 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.281589031 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.282107115 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.282190084 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:54.282316923 CEST	49965	443	192.168.2.6	172.217.16.206
Oct 7, 2024 22:08:54.282358885 CEST	443	49965	172.217.16.206	192.168.2.6
Oct 7, 2024 22:08:54.413357019 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.413924932 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.413988113 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.414555073 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.414609909 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.449084044 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.449564934 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.449626923 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.449966908 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.449985981 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.509248972 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.509388924 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.509587049 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.509587049 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.509587049 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.512381077 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.512448072 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.512511969 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.512622118 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.512630939 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.548398972 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.548496008 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.548548937 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.548579931 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.548697948 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.548717976 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.548741102 CEST	49970	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.548768044 CEST	443	49970	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.551208973 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.551244020 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.551320076 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.551469088 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.551476002 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.811736107 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.812196016 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.812215090 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.812796116 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.812802076 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.816858053 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.817117929 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.817137003 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.817579031 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.817584038 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.823483944 CEST	49969	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.823551893 CEST	443	49969	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.894296885 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.895029068 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.895061016 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.895492077 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.895499945 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.907315016 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.907476902 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.907555103 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.907613039 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.907636881 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.907650948 CEST	49971	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.907658100 CEST	443	49971	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.910634041 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.910727978 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.910856962 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.910984993 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.911007881 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.917363882 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.917572021 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.917634010 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.917680025 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.917701960 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.917718887 CEST	49972	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.917726040 CEST	443	49972	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.919542074 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.919579029 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.919644117 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.919750929 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.919760942 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.991812944 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.992897034 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.993002892 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.993077040 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.993077040 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.993128061 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.993128061 CEST	49973	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.993149996 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.993165970 CEST	443	49973	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.995894909 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.995930910 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:54.996012926 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.996121883 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:54.996130943 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.123806953 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.124419928 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.124485016 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.124862909 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.124878883 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.177264929 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.177694082 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.177709103 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.178065062 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.178071022 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.220551968 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.220891953 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.221091986 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.221091986 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.221091986 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.223889112 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.223983049 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.224061966 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.224174976 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.224194050 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.277762890 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.277968884 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.278029919 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.278518915 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.278541088 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.278558016 CEST	49975	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.278567076 CEST	443	49975	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.281410933 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.281498909 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.281577110 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.281702995 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.281722069 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.534099102 CEST	49974	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.534176111 CEST	443	49974	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.538691044 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.539380074 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.539472103 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.539741039 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.539762974 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.559283972 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.559776068 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.559838057 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.560334921 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.560349941 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.620776892 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.621336937 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.621385098 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.621805906 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.621818066 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.635682106 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.636126041 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.636229992 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.636372089 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.636372089 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.636434078 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.636434078 CEST	49976	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.636461020 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.636477947 CEST	443	49976	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.639374971 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.639437914 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.639525890 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.639714956 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.639731884 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.659284115 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.660502911 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.660574913 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.660625935 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.660626888 CEST	49977	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.660661936 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.660685062 CEST	443	49977	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.662955999 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.662983894 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.663054943 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.663192034 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.663207054 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719260931 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719523907 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719585896 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.719619036 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719652891 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719702959 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.719741106 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.719741106 CEST	49978	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.719772100 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.719796896 CEST	443	49978	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.722368002 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.722467899 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.722562075 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.722662926 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.722697973 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.866589069 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.867224932 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.867320061 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.867702961 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.867722034 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.909081936 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.909451962 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.909529924 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.909908056 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.909965038 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.971349001 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.971563101 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.971642017 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.971831083 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.971879959 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.971915007 CEST	49979	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.971931934 CEST	443	49979	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.974875927 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.974967957 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:55.975212097 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.975327969 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:55.975358009 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.008591890 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.008768082 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.008841991 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.008934021 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.008959055 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.008972883 CEST	49980	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.008980989 CEST	443	49980	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.011689901 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.011786938 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.011889935 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.012036085 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.012062073 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.223313093 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.223725080 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.223778009 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.224119902 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.224133015 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.298765898 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.299312115 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.299376011 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.299953938 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.299968004 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.332274914 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.332323074 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.332366943 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.332377911 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.332422018 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.333045006 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.333064079 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.333080053 CEST	49982	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.333089113 CEST	443	49982	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.336040974 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.336088896 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.336157084 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.336347103 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.336361885 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.340923071 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.341298103 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.341336012 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.341727972 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.341734886 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.405380964 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.405461073 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.405531883 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.405694962 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.405694962 CEST	49981	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.405740976 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.405767918 CEST	443	49981	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.408265114 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.408370972 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.408468962 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.408610106 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.408641100 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.438570023 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.438787937 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.438942909 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.438944101 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.438944101 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.441519976 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.441615105 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.441889048 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.441889048 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.442013025 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.589732885 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.590217113 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.590286016 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.590622902 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.590640068 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.661340952 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.661763906 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.661797047 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.662184000 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.662190914 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.719712973 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.719919920 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.719986916 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.720031023 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.720058918 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.720118046 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.720187902 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.720206976 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.720242023 CEST	49984	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.720248938 CEST	443	49984	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.723438025 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.723522902 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.723618984 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.723783016 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.723814964 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.739442110 CEST	49983	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.739511967 CEST	443	49983	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.758104086 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.759181976 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.759278059 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.759326935 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.759326935 CEST	49985	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.759352922 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.759365082 CEST	443	49985	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.761815071 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.761931896 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:56.762023926 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.762156963 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:56.762178898 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.004600048 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.005171061 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.005219936 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.005579948 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.005589962 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.028629065 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.029211044 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.029306889 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.029386997 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.029402971 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.073400021 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.074002981 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.074095011 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.074165106 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.074179888 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.106208086 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.106285095 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.106451035 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.106564999 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.106564999 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.106684923 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.106684923 CEST	49986	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.106730938 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.106755972 CEST	443	49986	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.109395981 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.109488010 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.109579086 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.109884977 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.109968901 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.123817921 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.123955965 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.124134064 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.124473095 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.124473095 CEST	49987	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.124543905 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.124579906 CEST	443	49987	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.126187086 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.126231909 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.126300097 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.126424074 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.126435995 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.168062925 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.168365002 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.168442011 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.168531895 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.168531895 CEST	49988	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.168576956 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.168602943 CEST	443	49988	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.170972109 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.171070099 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.171174049 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.171314955 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.171348095 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.332020998 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.377024889 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.379512072 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.384433985 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.384458065 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.384911060 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.384922981 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.387339115 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.387368917 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.387732029 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.387742043 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.513818979 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.515027046 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.515103102 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.515163898 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.515163898 CEST	49989	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.515201092 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.515224934 CEST	443	49989	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.517879009 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.517992020 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.518078089 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.518222094 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.518254042 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523443937 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523504019 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523555994 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.523575068 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523617983 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523659945 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.523686886 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523710966 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.523710966 CEST	49990	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.523727894 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.523746014 CEST	443	49990	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.525794029 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.525827885 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.525902987 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.526034117 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.526046038 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.753319979 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.754048109 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.754117966 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.754545927 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.754559994 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.812015057 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.812314034 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.812397003 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.812438011 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.812725067 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.812747955 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.813021898 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.813030958 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.813035965 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.813044071 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.850461006 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.850624084 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.850820065 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.850905895 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.850905895 CEST	49991	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.850958109 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.850987911 CEST	443	49991	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.854899883 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.854948997 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.855051041 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.855283022 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.855299950 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.907648087 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.908380032 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.908592939 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.908592939 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.908592939 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.911410093 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.911472082 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.911565065 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.911777973 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.911798000 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.913558006 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.913635969 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.913702965 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.913844109 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.913861036 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.913871050 CEST	49992	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.913876057 CEST	443	49992	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.916138887 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.916153908 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:57.916239023 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.916400909 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:57.916416883 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.127245903 CEST	49993	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.127324104 CEST	443	49993	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.166152954 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.166662931 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.166693926 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.167273998 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.167279005 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.167469025 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.167799950 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.167834044 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.168303967 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.168312073 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.263202906 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.263365984 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.263556004 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.278932095 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.278932095 CEST	49995	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.278966904 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.278978109 CEST	443	49995	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.299074888 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.299570084 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.299762964 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.309117079 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.309146881 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.309288979 CEST	49994	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.309304953 CEST	443	49994	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.320934057 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.320971966 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.321048021 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.321676016 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.321690083 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.323122025 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.323216915 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.323299885 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.323571920 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.323607922 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.468666077 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.514174938 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.514189005 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.517987967 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.517993927 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.538083076 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.538606882 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.538646936 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.539278984 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.539285898 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.552470922 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.552934885 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.552961111 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.553414106 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.553422928 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.617288113 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.617419004 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.617491961 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.617691040 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.617712021 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.617722988 CEST	49996	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.617729902 CEST	443	49996	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.620153904 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.620223999 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.620326042 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.620455027 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.620474100 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.651839018 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.652220964 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.652295113 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.652324915 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.652390003 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.652445078 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.652472973 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.652488947 CEST	49998	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.652497053 CEST	443	49998	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.655042887 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.655113935 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.655209064 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.655437946 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.655453920 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.657118082 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.657273054 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.657337904 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.657386065 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.657402992 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.657427073 CEST	49997	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.657433987 CEST	443	49997	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.660124063 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.660192966 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.660286903 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.660430908 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.660449028 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.940180063 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.942020893 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.942035913 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.942473888 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.942478895 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.947916031 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.948290110 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.948319912 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:58.948849916 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:58.948859930 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.387804031 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.387885094 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.387934923 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388066053 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388084888 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388112068 CEST	49999	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388119936 CEST	443	49999	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388375044 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388452053 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388520002 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388562918 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388598919 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.388674021 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388744116 CEST	50000	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.388772964 CEST	443	50000	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.391566992 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.391660929 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.391665936 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.391714096 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.391757011 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.391792059 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.391855001 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.391875982 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.392072916 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.392092943 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.531812906 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.532670021 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.532704115 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.533138990 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.533145905 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.610101938 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.610294104 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.610788107 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.610827923 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.611399889 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.611407042 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.611593008 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.611613989 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.612081051 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.612090111 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.634143114 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.634296894 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.634370089 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.634422064 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.634445906 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.634460926 CEST	50001	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.634469032 CEST	443	50001	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.636818886 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.636876106 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.636951923 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.637070894 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.637089014 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.681315899 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:59.681355000 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:59.681452990 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:59.682600021 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:08:59.682614088 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:08:59.708208084 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.708328962 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.708405972 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.708415031 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.708431959 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.708487988 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.709141970 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.709209919 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.727730989 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.727730989 CEST	50002	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.727767944 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.727786064 CEST	443	50002	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.727889061 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.727889061 CEST	50003	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.727952003 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.727982044 CEST	443	50003	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.731486082 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.731540918 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.731627941 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.732769966 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.732812881 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.732892990 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.732950926 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.732975006 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:08:59.733028889 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:08:59.733038902 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.082734108 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.083343983 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.083380938 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.083771944 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.083785057 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.090526104 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.090934992 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.090989113 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.091516972 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.091531992 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.183252096 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.183439970 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.183528900 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.183625937 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.183643103 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.183676004 CEST	50004	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.183681965 CEST	443	50004	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.186611891 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.186654091 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.186741114 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.186871052 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.186877012 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.192220926 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.192409039 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.192490101 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.192564011 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.192588091 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.192605019 CEST	50005	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.192612886 CEST	443	50005	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.195066929 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.195118904 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.195199013 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.195353985 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.195374012 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.246936083 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.247432947 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.247462988 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.247819901 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.247826099 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.383044958 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.384191990 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.384221077 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.385735035 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.385740995 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.394093037 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.394731998 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.394742012 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.395529985 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.395534992 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.427752018 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.427781105 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.427823067 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.427845001 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.427891970 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.428179979 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.428203106 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.428219080 CEST	50006	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.428225994 CEST	443	50006	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.431145906 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.431200981 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.431281090 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.431535959 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.431555033 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.438049078 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.438126087 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.440256119 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.440263033 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.440635920 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.451343060 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.490828037 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.491187096 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.491251945 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.491307020 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.491322041 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.491332054 CEST	50009	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.491337061 CEST	443	50009	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.491417885 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.494657040 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.494707108 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.494800091 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.495131969 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.495148897 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.538274050 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.538463116 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.538521051 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.538672924 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.538685083 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.538717031 CEST	50008	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.538723946 CEST	443	50008	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.541790962 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.541842937 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.541930914 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.542098045 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.542114973 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.703381062 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.703434944 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.703454971 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.703562975 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.703588963 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.703644037 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.704982042 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.705050945 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.705055952 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.705096960 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.705115080 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.705144882 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.709441900 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.709471941 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.709490061 CEST	50007	443	192.168.2.6	172.202.163.200
Oct 7, 2024 22:09:00.709497929 CEST	443	50007	172.202.163.200	192.168.2.6
Oct 7, 2024 22:09:00.903450966 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.905396938 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.905416965 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.905855894 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:00.905865908 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.912049055 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:00.954983950 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.012025118 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.012109995 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.012197018 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.012216091 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.012281895 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.012331963 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.013444901 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.013500929 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.013703108 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.013720989 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.019910097 CEST	50010	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.019925117 CEST	443	50010	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.023838997 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.023937941 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.024044991 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.026937008 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.026969910 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.077677011 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.078495026 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.078557968 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.079140902 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.079154015 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.128930092 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.129098892 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.129273891 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.129273891 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.129275084 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.131778955 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.131828070 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.131886959 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.132013083 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.132033110 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.162683010 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.163108110 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.163140059 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.163558960 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.163566113 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.444284916 CEST	50011	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.444365978 CEST	443	50011	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.485327959 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.485352993 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.485419035 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.485486031 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.485555887 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.485706091 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.485706091 CEST	50012	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.485749006 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.485776901 CEST	443	50012	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.488822937 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.488872051 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.488943100 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.489101887 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.489119053 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.492681980 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.494647026 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.494654894 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.495115042 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.495119095 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.574197054 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.574290037 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.574481964 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.574481010 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.574536085 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.574615002 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.574634075 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.574644089 CEST	50013	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.574651957 CEST	443	50013	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.577020884 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.577054024 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.577138901 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.577269077 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.577281952 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.601785898 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.601816893 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.601881981 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.601897001 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.601933002 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.602169037 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.602185011 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.602195024 CEST	50014	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.602201939 CEST	443	50014	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.604738951 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.604950905 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.605030060 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.605309010 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.605348110 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.605375051 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.605479956 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.605501890 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.605690002 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.605701923 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.751379013 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.751552105 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.751574039 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.751631975 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.751727104 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752228022 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752228022 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752266884 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.752315044 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752334118 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.752346992 CEST	50015	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752353907 CEST	443	50015	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.752674103 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.752680063 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.754750013 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.754803896 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.754893064 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.755027056 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.755040884 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.867417097 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.867573023 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.867738962 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.867846966 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.867846966 CEST	50016	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.867894888 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.867928028 CEST	443	50016	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.870223999 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.870258093 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:01.870342016 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.870486021 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:01.870498896 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.141382933 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.145359039 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.145395041 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.146106005 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.146111012 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.232953072 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.234306097 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.234316111 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.234738111 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.234740973 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.250538111 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.250915051 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.250997066 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.251286030 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.251305103 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.253973961 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.254044056 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.254117012 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.254282951 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.254297018 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.254307032 CEST	50017	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.254312038 CEST	443	50017	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.257008076 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.257040977 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.257133961 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.257287025 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.257296085 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.333076000 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.333240032 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.333360910 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.333509922 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.333529949 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.333542109 CEST	50018	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.333548069 CEST	443	50018	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.336092949 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.336152077 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.336246967 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.336390972 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.336416006 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.352444887 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.352523088 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.352576971 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.352715969 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.352740049 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.352760077 CEST	50019	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.352766991 CEST	443	50019	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.355596066 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.355689049 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.356018066 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.356147051 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.356174946 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.372358084 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.372762918 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.372797012 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.373168945 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.373177052 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.468938112 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.469002008 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.469094992 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.469146967 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.469177961 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.469232082 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.469347954 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.469372988 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.469387054 CEST	50020	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.469394922 CEST	443	50020	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.472774029 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.472873926 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.472990036 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.473124981 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.473145008 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.524593115 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.528743982 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.528759956 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.529335976 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.529344082 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.628540993 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.628586054 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.628770113 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.628798962 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.628916025 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.628976107 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.628995895 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.629012108 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.629012108 CEST	50021	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.629020929 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.629028082 CEST	443	50021	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.631848097 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.631906033 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.632000923 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.632196903 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.632210970 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.895845890 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.896239042 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.896258116 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.896631956 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.896637917 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.979598045 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.980127096 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.980180025 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.980854988 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.980863094 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.983669996 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.984169960 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.984200001 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:02.984566927 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:02.984571934 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.002285957 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.002310991 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.002350092 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.002402067 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.002424002 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.002449036 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.002469063 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.075253963 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.075282097 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.075351954 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.075453043 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.075453043 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.075815916 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.075817108 CEST	50023	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.075858116 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.075877905 CEST	443	50023	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.078614950 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.078704119 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.078707933 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.078749895 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.078847885 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.078891039 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.078907013 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.078916073 CEST	50022	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.078921080 CEST	443	50022	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.078943014 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.079015017 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.080454111 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.080490112 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.082113981 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.082146883 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.082202911 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.082343102 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.082360983 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.083300114 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.083322048 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.083334923 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.083419085 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.083442926 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.083506107 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.122149944 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.122529984 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.122598886 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.122925043 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.122937918 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.163638115 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.163685083 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.163753033 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.163753033 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.163814068 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.164458036 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.164508104 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.164541006 CEST	50024	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.164557934 CEST	443	50024	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.167031050 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.167136908 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.167231083 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.167342901 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.167363882 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.225104094 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.225135088 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.225198030 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.225229025 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.225267887 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.225507975 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.225537062 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.225553989 CEST	50025	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.225564003 CEST	443	50025	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.228122950 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.228230000 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.228348017 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.228642941 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.228719950 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.273139000 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.273736000 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.273827076 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.274357080 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.274413109 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.372076988 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.372111082 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.372272015 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.372332096 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.372415066 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.372463942 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.375334024 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.375359058 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.375376940 CEST	50026	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.375391960 CEST	443	50026	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.400614023 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.400680065 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.400779963 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.403954983 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.403976917 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.686532974 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.687026978 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.687088966 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.687433958 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.687448025 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.713890076 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.714478970 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.714498997 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.714708090 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.714714050 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.776256084 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.776803017 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.776894093 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.776937008 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.776952028 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.803186893 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.803340912 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.803514957 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.803514957 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.803514957 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.805937052 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.805965900 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.806044102 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.806184053 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.806189060 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.813401937 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.813560963 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.813627958 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.813708067 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.813708067 CEST	50028	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.813739061 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.813767910 CEST	443	50028	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.815455914 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.815563917 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.815649033 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.815748930 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.815774918 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.834254026 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.834574938 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.834661961 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.835058928 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.835078001 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.890084028 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.890470028 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.890537024 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.890584946 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.890609026 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.890623093 CEST	50029	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.890630007 CEST	443	50029	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.893462896 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.893512011 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.893599033 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.893757105 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.893769979 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.930473089 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.930774927 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.930947065 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.930947065 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.930947065 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.933109999 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.933151007 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.933219910 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.933357000 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.933371067 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.953270912 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.953668118 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.953705072 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:03.954104900 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:03.954112053 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.029424906 CEST	50027	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.029444933 CEST	443	50027	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.052676916 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.052748919 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.052856922 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.052925110 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.052925110 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.053020000 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.053039074 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.053054094 CEST	50031	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.053061008 CEST	443	50031	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.232474089 CEST	50030	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.232537031 CEST	443	50030	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.410584927 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.411058903 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.411076069 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.411513090 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.411516905 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.463325977 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.464004040 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.464044094 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.464488029 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.464497089 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.507128000 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.507286072 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.507397890 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.507446051 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.507460117 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.507494926 CEST	50032	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.507499933 CEST	443	50032	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.511701107 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.512077093 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.512116909 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.512455940 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.512465954 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.546236992 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.547121048 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.547142982 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.547450066 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.547472000 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.564887047 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.565256119 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.565349102 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.565543890 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.565545082 CEST	50033	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.565594912 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.565629005 CEST	443	50033	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.606570959 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.606725931 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.606919050 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.606997013 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.607036114 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.607078075 CEST	50034	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.607094049 CEST	443	50034	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.645582914 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.645740032 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.645806074 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.645833015 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.645848036 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:04.645859003 CEST	50035	443	192.168.2.6	13.107.246.45
Oct 7, 2024 22:09:04.645864964 CEST	443	50035	13.107.246.45	192.168.2.6
Oct 7, 2024 22:09:14.277312994 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:14.277426004 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.277615070 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:14.277842045 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:14.277861118 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.909787893 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.910077095 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:14.910145998 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.910991907 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.911259890 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:14.911355019 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:14.954739094 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:19.853750944 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:19.853859901 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:19.853992939 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:19.860002041 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:19.860045910 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.713449001 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.713553905 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.715742111 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.715775013 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.716279030 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.718214035 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.718293905 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.718307018 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.718401909 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.759447098 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.889415026 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.890115976 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:20.890185118 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.890312910 CEST	50038	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:20.890333891 CEST	443	50038	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:24.824783087 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:24.824937105 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:24.825022936 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:25.149867058 CEST	50037	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:09:25.149909973 CEST	443	50037	142.250.185.100	192.168.2.6
Oct 7, 2024 22:09:25.159064054 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.159106970 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.159178972 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.159378052 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.159394026 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.208161116 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.208230019 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.208359003 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.208677053 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.208693027 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.857204914 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.857680082 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.857722044 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.858050108 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.858469963 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.858532906 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.858697891 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.858726025 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.858733892 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.869864941 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.870115042 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.870129108 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.870953083 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.871361971 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.871473074 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:25.871536016 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.871561050 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:25.871573925 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.168745995 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.168956041 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.169051886 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:26.169548988 CEST	50041	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:26.169594049 CEST	443	50041	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.376562119 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.378575087 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:26.378631115 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:26.378729105 CEST	50042	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:26.378743887 CEST	443	50042	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:54.636698961 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:54.636755943 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:54.636872053 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:54.637705088 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:54.637723923 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.429311037 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.429574013 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.433718920 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.433777094 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.434211969 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.435852051 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.435935020 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.435962915 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.436052084 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.483411074 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.607183933 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.607367992 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.607459068 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.607526064 CEST	50044	443	192.168.2.6	40.115.3.253
Oct 7, 2024 22:09:55.607568979 CEST	443	50044	40.115.3.253	192.168.2.6
Oct 7, 2024 22:09:55.787606001 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:55.787674904 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:55.787755013 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:55.787996054 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:55.788009882 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.436414003 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.436814070 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.436882973 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.437412024 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.437690973 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.437788963 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.437829971 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.437885046 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.437903881 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.691724062 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.691826105 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.692055941 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.692430973 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.692513943 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.727225065 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.727503061 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:56.727668047 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.727725983 CEST	50045	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:56.727751017 CEST	443	50045	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.327841997 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.328263044 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.328300953 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.329524040 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.329951048 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.329981089 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.329981089 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.329994917 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.330140114 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.376944065 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.615701914 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.615972042 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:09:57.616132975 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.616493940 CEST	50046	443	192.168.2.6	172.217.18.110
Oct 7, 2024 22:09:57.616528988 CEST	443	50046	172.217.18.110	192.168.2.6
Oct 7, 2024 22:10:14.331156015 CEST	50047	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:10:14.331248045 CEST	443	50047	142.250.185.100	192.168.2.6
Oct 7, 2024 22:10:14.331330061 CEST	50047	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:10:14.331581116 CEST	50047	443	192.168.2.6	142.250.185.100
Oct 7, 2024 22:10:14.331600904 CEST	443	50047	142.250.185.100	192.168.2.6
Oct 7, 2024 22:10:15.750154972 CEST	443	50047	142.250.185.100	192.168.2.6
Oct 7, 2024 22:10:15.798398018 CEST	50047	443	192.168.2.6	142.250.185.100

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 22:08:09.657814980 CEST	54931	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:09.657984972 CEST	64253	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:09.664997101 CEST	53	54931	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:09.665869951 CEST	53	57609	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:09.666672945 CEST	53	64354	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:09.666857004 CEST	53	64253	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:10.700531006 CEST	55386	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:10.700874090 CEST	61639	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:10.707515001 CEST	53	55386	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:10.708178997 CEST	53	61639	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:10.770956993 CEST	53	60650	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:14.067167044 CEST	53	59557	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:14.221316099 CEST	60332	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:14.221484900 CEST	56567	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:14.454515934 CEST	53	56567	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:14.454539061 CEST	53	60332	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:16.094274998 CEST	53	63094	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:19.105537891 CEST	58585	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:19.105961084 CEST	59665	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:19.112457037 CEST	53	58585	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:19.113070011 CEST	53	59665	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:20.600142002 CEST	54470	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:20.600142002 CEST	63383	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:08:20.608485937 CEST	53	63383	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:20.609460115 CEST	53	54470	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:27.798784018 CEST	53	52653	1.1.1.1	192.168.2.6
Oct 7, 2024 22:08:46.771756887 CEST	53	55187	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:09.573678970 CEST	53	51238	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:09.791563034 CEST	53	65083	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:21.158282995 CEST	53	54963	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:25.150150061 CEST	64134	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:09:25.150289059 CEST	49958	53	192.168.2.6	1.1.1.1
Oct 7, 2024 22:09:25.158303022 CEST	53	49958	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:25.158653021 CEST	53	64134	1.1.1.1	192.168.2.6
Oct 7, 2024 22:09:38.919338942 CEST	53	53404	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 22:08:09.657814980 CEST	192.168.2.6	1.1.1.1	0x681e	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:09.657984972 CEST	192.168.2.6	1.1.1.1	0x8fa9	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 22:08:10.700531006 CEST	192.168.2.6	1.1.1.1	0x502d	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.700874090 CEST	192.168.2.6	1.1.1.1	0x109f	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 22:08:14.221316099 CEST	192.168.2.6	1.1.1.1	0x575c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:14.221484900 CEST	192.168.2.6	1.1.1.1	0x59af	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 22:08:19.105537891 CEST	192.168.2.6	1.1.1.1	0xe4f1	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:19.105961084 CEST	192.168.2.6	1.1.1.1	0xc369	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 22:08:20.600142002 CEST	192.168.2.6	1.1.1.1	0xe45d	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:20.600142002 CEST	192.168.2.6	1.1.1.1	0x5b0f	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 22:09:25.150150061 CEST	192.168.2.6	1.1.1.1	0x7dc6	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:09:25.150289059 CEST	192.168.2.6	1.1.1.1	0x3665	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 22:08:09.664997101 CEST	1.1.1.1	192.168.2.6	0x681e	No error (0)	youtube.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:09.666857004 CEST	1.1.1.1	192.168.2.6	0x8fa9	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.707515001 CEST	1.1.1.1	192.168.2.6	0x502d	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:10.708178997 CEST	1.1.1.1	192.168.2.6	0x109f	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 22:08:10.708178997 CEST	1.1.1.1	192.168.2.6	0x109f	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 22:08:14.454515934 CEST	1.1.1.1	192.168.2.6	0x59af	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 22:08:14.454539061 CEST	1.1.1.1	192.168.2.6	0x575c	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:19.112457037 CEST	1.1.1.1	192.168.2.6	0xe4f1	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 22:08:19.112457037 CEST	1.1.1.1	192.168.2.6	0xe4f1	No error (0)	www3.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:08:19.113070011 CEST	1.1.1.1	192.168.2.6	0xc369	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 22:08:20.609460115 CEST	1.1.1.1	192.168.2.6	0xe45d	No error (0)	play.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 22:09:25.158653021 CEST	1.1.1.1	192.168.2.6	0x7dc6	No error (0)	play.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

otelrules.azureedge.net

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49713	142.250.186.142	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:10 UTC	847	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:10 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 20:08:10 GMT Date: Mon, 07 Oct 2024 20:08:10 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Content-Security-Policy: require-trusted-types-for 'script' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49714	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 71 65 74 48 79 63 71 38 30 57 2b 42 38 43 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 38 63 31 63 61 37 63 30 36 61 33 39 66 34 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: KqetHycq80W+B8CR.1Context: a8c1ca7c06a39f42
2024-10-07 20:08:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 20:08:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4b 71 65 74 48 79 63 71 38 30 57 2b 42 38 43 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 38 63 31 63 61 37 63 30 36 61 33 39 66 34 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 46 75 30 73 35 63 37 32 43 31 2f 73 42 61 2b 39 69 55 71 4c 72 51 4c 6a 76 53 79 4d 78 75 6c 53 54 62 4f 70 6d 78 41 51 76 52 35 32 47 6a 69 4c 70 4c 70 44 47 34 32 4f 63 4c 54 2f 34 6e 6f 30 5a 39 33 41 57 4e 61 78 43 4b 56 44 79 70 32 6e 35 6e 30 55 2f 39 53 54 57 45 71 2b 56 65 74 43 51 6c 4e 30 73 4e 63 67 51 41 4c 4b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: KqetHycq80W+B8CR.2Context: a8c1ca7c06a39f42<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfFu0s5c72C1/sBa+9iUqLrQLjvSyMxulSTbOpmxAQvR52GjiLpLpDG42OcLT/4no0Z93AWNaxCKVDyp2n5n0U/9STWEq+VetCQlN0sNcgQALK
2024-10-07 20:08:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4b 71 65 74 48 79 63 71 38 30 57 2b 42 38 43 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 38 63 31 63 61 37 63 30 36 61 33 39 66 34 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: KqetHycq80W+B8CR.3Context: a8c1ca7c06a39f42<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 20:08:10 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 20:08:10 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 72 63 4c 41 5a 4f 55 47 6b 71 63 53 64 75 44 35 78 55 55 36 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 3rcLAZOUGkqcSduD5xUU6A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	142.250.184.238	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:11 UTC	865	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:11 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 20:08:11 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 20:38:11 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=2ZY7VzwWlec; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=IH0suxUmCiU; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 20:08:11 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgXQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 20:08:11 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 20:08:15 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=160647 Date: Mon, 07 Oct 2024 20:08:15 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:16 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:16 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:15 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 06 Oct 2024 16:59:23 GMT ETag: "0x8DCE6283A3FA58B" x-ms-request-id: 86eceaf5-401e-00a3-6fa2-188b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200815Z-1657d5bbd48qjg85buwfdynm5w0000000430000000009wz7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:16 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 20:08:16 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:16 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 20:08:16 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=160582 Date: Mon, 07 Oct 2024 20:08:16 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 20:08:16 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:17 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:17 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200817Z-1657d5bbd48lknvp09v995n79000000003q0000000001ypc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:17 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:17 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:17 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200817Z-1657d5bbd48sqtlf1huhzuwq7000000003mg00000000va6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:17 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:17 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:17 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200817Z-1657d5bbd48tnj6wmberkg2xy800000003zg00000000r49r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:17 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:17 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:17 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200817Z-1657d5bbd48lknvp09v995n79000000003kg00000000hufe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:17 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:17 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:17 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200817Z-1657d5bbd482krtfgrg72dfbtn00000003t0000000004nxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:17 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:18 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200818Z-1657d5bbd48qjg85buwfdynm5w000000044g000000002n02 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:18 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:18 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: ec2fedbd-401e-0083-3ba5-18075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200818Z-1657d5bbd48hzllksrq1r6zsvs000000014g00000000nqhq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:18 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:18 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200818Z-1657d5bbd48762wn1qw4s5sd3000000003s000000000ug05 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:18 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:18 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200818Z-1657d5bbd48t66tjar5xuq22r800000003zg0000000084b4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:18 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:18 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200818Z-1657d5bbd48dfrdj7px744zp8s00000003tg00000000385n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:18 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49745	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 45 78 4f 4d 43 2f 6f 4c 30 32 2b 46 71 32 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 32 36 34 38 39 34 61 38 35 39 34 63 64 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BExOMC/oL02+Fq2N.1Context: fb264894a8594cd8
2024-10-07 20:08:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 20:08:18 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 45 78 4f 4d 43 2f 6f 4c 30 32 2b 46 71 32 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 32 36 34 38 39 34 61 38 35 39 34 63 64 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 46 75 30 73 35 63 37 32 43 31 2f 73 42 61 2b 39 69 55 71 4c 72 51 4c 6a 76 53 79 4d 78 75 6c 53 54 62 4f 70 6d 78 41 51 76 52 35 32 47 6a 69 4c 70 4c 70 44 47 34 32 4f 63 4c 54 2f 34 6e 6f 30 5a 39 33 41 57 4e 61 78 43 4b 56 44 79 70 32 6e 35 6e 30 55 2f 39 53 54 57 45 71 2b 56 65 74 43 51 6c 4e 30 73 4e 63 67 51 41 4c 4b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BExOMC/oL02+Fq2N.2Context: fb264894a8594cd8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfFu0s5c72C1/sBa+9iUqLrQLjvSyMxulSTbOpmxAQvR52GjiLpLpDG42OcLT/4no0Z93AWNaxCKVDyp2n5n0U/9STWEq+VetCQlN0sNcgQALK
2024-10-07 20:08:18 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 45 78 4f 4d 43 2f 6f 4c 30 32 2b 46 71 32 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 32 36 34 38 39 34 61 38 35 39 34 63 64 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: BExOMC/oL02+Fq2N.3Context: fb264894a8594cd8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 20:08:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 20:08:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 73 2f 46 72 32 58 63 57 38 45 2b 64 34 4e 4d 42 62 7a 63 67 59 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: s/Fr2XcW8E+d4NMBbzcgYA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd482lxwq1dp2t1zwkc00000003m0000000010kyk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48762wn1qw4s5sd3000000003x0000000003heu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48tqvfc1ysmtbdrg000000003ug00000000ea6f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48762wn1qw4s5sd3000000003ug00000000ena4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd4824mj9d6vp65b6n4000000046g0000000097gg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49759	172.217.18.14	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	1212	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1739255837&timestamp=1728331698245 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:20 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-WZ2q6SugjObKHjYp9HUz0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 20:08:19 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw0JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh2Pz_wk72AR-3FxznVlJLym_MD4zJTWvJLOkMiU_NzEzLzk_Pzsztbg4tagstSjeyMDIxMDSyFLPwCK-wAAA-WEuBw" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 57 5a 32 71 36 53 75 67 6a 4f 62 4b 48 6a 59 70 39 48 55 7a 30 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="WZ2q6SugjObKHjYp9HUz0g">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 20:08:20 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48lknvp09v995n79000000003eg000000013nqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48wd55zet5pcra0cg00000003y000000000eb6w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:19 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48t66tjar5xuq22r800000003x000000000kt75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd482krtfgrg72dfbtn00000003mg00000000ufxs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:19 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:19 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200819Z-1657d5bbd48qjg85buwfdynm5w0000000440000000004r4h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:20 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:20 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200820Z-1657d5bbd48sdh4cyzadbb374800000003wg000000003r9g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:20 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:20 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200820Z-1657d5bbd48xlwdx82gahegw400000000470000000006p84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:20 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:20 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200820Z-1657d5bbd48sdh4cyzadbb374800000003u000000000dtkf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:20 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:20 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: d112c6a6-a01e-000d-2160-17d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200820Z-1657d5bbd482lxwq1dp2t1zwkc00000003ng00000000t7q8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:20 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:20 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200820Z-1657d5bbd48q6t9vvmrkd293mg00000003u000000000z6td x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:20 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49772	172.217.16.206	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:21 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 20:08:21 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49774	172.217.16.206	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:21 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 20:08:21 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:21 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200821Z-1657d5bbd48t66tjar5xuq22r800000003z0000000009u3f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:21 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:21 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200821Z-1657d5bbd48xdq5dkwwugdpzr0000000049000000000ew36 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:21 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200821Z-1657d5bbd48q6t9vvmrkd293mg000000040g000000003vqf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:21 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200821Z-1657d5bbd48qjg85buwfdynm5w000000042000000000e0fn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:21 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:21 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 688d2aae-a01e-0084-3466-179ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200821Z-1657d5bbd48tqvfc1ysmtbdrg000000003q00000000100r8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:21 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49782	172.217.16.206	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	1120	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:22 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 31 36 39 39 37 34 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],1828,[["1728331699745",null,null,null
2024-10-07 20:08:22 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=f0FbycQdUG8J3zd4viLB55GlikUiQjl3VSaOd5YVrXBbfPO7tCEoyFrZvjWjx6wywNatK6g8CXYCe6uUJwL-v5bcSNPTuNJpn_gyhD1CGQz0WYsZfSbtBqGIlhTpguxDqORQ4jqo2_G7KTQDzmV0lVnx67JuFE1Uyvu9VJh2B1Lt8ReEEik; expires=Tue, 08-Apr-2025 20:08:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 20:08:22 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 20:08:22 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 20:08:22 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 20:08:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 13aa935b-d01e-0014-4baa-18ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd48hzllksrq1r6zsvs000000016g00000000e2d3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:22 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd487nf59mzf5b3gk8n00000003hg00000000mkkq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:22 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd48sqtlf1huhzuwq7000000003k0000000012hqr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:22 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd48xlwdx82gahegw40000000043g00000000pu1k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:22 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd4824mj9d6vp65b6n4000000041g00000000yphg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:22 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	49788	172.217.16.206	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	1120	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 20:08:22 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 31 36 39 39 38 34 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],1828,[["1728331699845",null,null,null
2024-10-07 20:08:22 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=CPonOAX4vi-o5orEDm8tlwgzdoFFnlZ56l3X3g0f14o06O-MdAA56zbO85l_CS-ItCvEmbtFn1pmcTwswbd6zOtGHCpfoxFe3QpDXKSeub7DRe7QO006kdtQwZjMQsT_XKbAglHkYwHxREezy7PaBfY4Bj6OiSkSuBt3lIOwM1urCoXIbw; expires=Tue, 08-Apr-2025 20:08:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 20:08:22 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 20:08:22 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 20:08:22 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 20:08:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	49724	142.250.185.100	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	1209	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=CPonOAX4vi-o5orEDm8tlwgzdoFFnlZ56l3X3g0f14o06O-MdAA56zbO85l_CS-ItCvEmbtFn1pmcTwswbd6zOtGHCpfoxFe3QpDXKSeub7DRe7QO006kdtQwZjMQsT_XKbAglHkYwHxREezy7PaBfY4Bj6OiSkSuBt3lIOwM1urCoXIbw
2024-10-07 20:08:22 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 17:53:36 GMT Expires: Tue, 15 Oct 2024 17:53:36 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 8086 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 20:08:22 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 20:08:22 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 20:08:22 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 20:08:22 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 20:08:22 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 7464e811-e01e-001f-64f2-181633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd482krtfgrg72dfbtn00000003pg00000000kprx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48jwrqbupe3ktsx9w000000046000000000bhuc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b2c548d6-d01e-0082-4f03-17e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48sdh4cyzadbb374800000003v0000000008khv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:22 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48brl8we3nu8cxwgn00000004bg0000000035z4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:22 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200822Z-1657d5bbd48sqtlf1huhzuwq7000000003sg0000000054zw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	49792	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oDEVv+Bx+x8Od8V&MD=ZcSUgmVz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 20:08:23 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: df6fefd0-79d4-4a2a-92cb-73603a80f7c9 MS-RequestId: bc6a3f3a-d410-4fb1-9503-bd975d3fa00b MS-CV: l6N+UaE9Dku8XmPy.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 20:08:22 GMT Connection: close Content-Length: 24490
2024-10-07 20:08:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 20:08:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48vlsxxpe15ac3q7n00000003xg00000000gzhz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48xlwdx82gahegw40000000041000000001221m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.6	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 678daa67-201e-00aa-3f60-173928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd48t66tjar5xuq22r800000003yg00000000dn2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:23 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:23 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200823Z-1657d5bbd482krtfgrg72dfbtn00000003s0000000009cek x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:23 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:24 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:24 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200824Z-1657d5bbd48tqvfc1ysmtbdrg000000003sg00000000prfx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:24 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.6	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:24 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 4d501e36-901e-0029-1978-18274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200824Z-1657d5bbd48hzllksrq1r6zsvs00000001900000000029t1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:24 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:24 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200824Z-1657d5bbd48vhs7r2p1ky7cs5w000000045g00000000vqc4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:24 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:24 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200824Z-1657d5bbd48vlsxxpe15ac3q7n00000003x000000000mq18 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:24 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:24 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:24 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200824Z-1657d5bbd48tnj6wmberkg2xy800000003xg000000010640 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:25 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:25 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 938e68e0-901e-0029-0160-17274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200825Z-1657d5bbd487nf59mzf5b3gk8n00000003gg00000000thag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:25 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200825Z-1657d5bbd4824mj9d6vp65b6n400000004100000000130ty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:25 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200825Z-1657d5bbd48cpbzgkvtewk0wu000000003z000000000sfvw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:25 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 678513bd-b01e-0053-4460-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200825Z-1657d5bbd48gqrfwecymhhbfm800000002rg00000000pntf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:25 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200825Z-1657d5bbd48sdh4cyzadbb374800000003rg00000000rw39 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:26 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200826Z-1657d5bbd482lxwq1dp2t1zwkc00000003m0000000010mg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:26 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200826Z-1657d5bbd48lknvp09v995n79000000003hg00000000qtdu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:26 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8a5b80a7-801e-0067-69f1-18fe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200826Z-1657d5bbd48qjg85buwfdynm5w00000003xg00000000zk4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:26 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200826Z-1657d5bbd482lxwq1dp2t1zwkc00000003p000000000qxx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:26 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:26 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 963c402d-c01e-00ad-09ed-18a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200826Z-1657d5bbd48xdq5dkwwugdpzr0000000049g00000000btws x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:26 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:27 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd487nf59mzf5b3gk8n00000003q0000000002hm6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:27 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:27 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd482krtfgrg72dfbtn00000003u0000000000we5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:27 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:27 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd48qjg85buwfdynm5w000000040g00000000mpg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:27 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.6	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:27 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd48tqvfc1ysmtbdrg000000003xg000000001nkq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:27 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:27 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:27 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 138bd55e-101e-008e-1df4-18cf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd48t66tjar5xuq22r800000003vg00000000udh2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-07 20:08:27 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48t66tjar5xuq22r800000003x000000000ktwe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:28 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.6	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:27 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 1e2677b8-c01e-0014-3bed-18a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200827Z-1657d5bbd48qjg85buwfdynm5w00000003y000000000ypy1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48tqvfc1ysmtbdrg000000003sg00000000prqw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:28 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48vlsxxpe15ac3q7n00000003vg00000000u4kv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:28 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.6	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48q6t9vvmrkd293mg000000040g000000003w9p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:28 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	49837	172.217.16.206	443	5716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	1294	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1221 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=CPonOAX4vi-o5orEDm8tlwgzdoFFnlZ56l3X3g0f14o06O-MdAA56zbO85l_CS-ItCvEmbtFn1pmcTwswbd6zOtGHCpfoxFe3QpDXKSeub7DRe7QO006kdtQwZjMQsT_XKbAglHkYwHxREezy7PaBfY4Bj6OiSkSuBt3lIOwM1urCoXIbw
2024-10-07 20:08:28 UTC	1221	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 33 31 36 39 37 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[4,0,0,0,0]]],558,[["1728331697000",null,null,null,
2024-10-07 20:08:29 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=XW4pUP_sUv1Rb9IyghV11kwV6eP9fY3XSI7uBL5Lq-btcY4LQABez7CMD31EpAKvanfdomOpOdXg8vfXFUO016bQC4pOdhID4FPuk4jLSAfNJCEVXxhymvtUvhSn7t3ISCB1iigTFmm4h-To8oJYn4N5VLEGIslcHCso0cc4KEbcE1UzPf-uUxdmkw; expires=Tue, 08-Apr-2025 20:08:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 20:08:28 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 20:08:28 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 20:08:29 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 20:08:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48tqvfc1ysmtbdrg000000003xg000000001nqx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:29 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.6	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48qjg85buwfdynm5w00000003y000000000yq05 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:29 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.6	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd482tlqpvyz9e93p54000000042g000000009wr8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:29 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:28 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:28 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 010995e9-b01e-001e-0ddc-180214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200828Z-1657d5bbd48sqtlf1huhzuwq7000000003r000000000c1pr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:29 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:29 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:29 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200829Z-1657d5bbd482tlqpvyz9e93p5400000004500000000000ry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:29 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:29 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd4824mj9d6vp65b6n4000000044000000000psu2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:29 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48wd55zet5pcra0cg00000003v000000000uecb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:29 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48brl8we3nu8cxwgn000000047000000000qzv6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:29 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48jwrqbupe3ktsx9w000000045000000000gfab x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.6	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200829Z-1657d5bbd48qjg85buwfdynm5w0000000430000000009y6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.6	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48f7nlxc7n5fnfzh000000003k000000000mewc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48t66tjar5xuq22r800000003w000000000rduy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd482krtfgrg72dfbtn00000003kg00000000yq95 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.6	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd482krtfgrg72dfbtn00000003mg00000000ugqa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.6	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:30 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:30 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200830Z-1657d5bbd48brl8we3nu8cxwgn000000044g000000012qgp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:30 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.6	49850	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 48 75 6a 37 4f 43 41 74 55 53 42 4c 74 78 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 39 31 34 37 64 39 64 35 33 37 31 62 64 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: eHuj7OCAtUSBLtxl.1Context: 759147d9d5371bdd
2024-10-07 20:08:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-07 20:08:32 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 48 75 6a 37 4f 43 41 74 55 53 42 4c 74 78 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 39 31 34 37 64 39 64 35 33 37 31 62 64 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 46 75 30 73 35 63 37 32 43 31 2f 73 42 61 2b 39 69 55 71 4c 72 51 4c 6a 76 53 79 4d 78 75 6c 53 54 62 4f 70 6d 78 41 51 76 52 35 32 47 6a 69 4c 70 4c 70 44 47 34 32 4f 63 4c 54 2f 34 6e 6f 30 5a 39 33 41 57 4e 61 78 43 4b 56 44 79 70 32 6e 35 6e 30 55 2f 39 53 54 57 45 71 2b 56 65 74 43 51 6c 4e 30 73 4e 63 67 51 41 4c 4b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: eHuj7OCAtUSBLtxl.2Context: 759147d9d5371bdd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfFu0s5c72C1/sBa+9iUqLrQLjvSyMxulSTbOpmxAQvR52GjiLpLpDG42OcLT/4no0Z93AWNaxCKVDyp2n5n0U/9STWEq+VetCQlN0sNcgQALK
2024-10-07 20:08:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 48 75 6a 37 4f 43 41 74 55 53 42 4c 74 78 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 39 31 34 37 64 39 64 35 33 37 31 62 64 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: eHuj7OCAtUSBLtxl.3Context: 759147d9d5371bdd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-07 20:08:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-07 20:08:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 38 48 38 6b 37 70 45 71 45 53 5a 56 35 7a 52 63 54 64 6a 78 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: M8H8k7pEqESZV5zRcTdjxA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.6	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:32 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200832Z-1657d5bbd48gqrfwecymhhbfm800000002qg00000000ukan x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:32 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.6	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:32 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200832Z-1657d5bbd48wd55zet5pcra0cg000000040g000000003wnv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:32 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.6	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:32 UTC	584	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:32 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 29fe678f-801e-00a0-44e0-182196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200832Z-1657d5bbd48dfrdj7px744zp8s00000003r000000000d9sh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 20:08:32 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.6	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:32 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200832Z-1657d5bbd48sdh4cyzadbb374800000003q000000000y5fk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:32 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.6	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:32 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:32 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200832Z-1657d5bbd482tlqpvyz9e93p54000000041000000000f88c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:32 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.6	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:33 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:33 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200833Z-1657d5bbd48qjg85buwfdynm5w0000000430000000009yfc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:33 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.6	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:33 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:33 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200833Z-1657d5bbd487nf59mzf5b3gk8n00000003gg00000000thvp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:33 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.6	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:33 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:33 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: ae8ecea4-e01e-0071-63de-1808e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200833Z-1657d5bbd48vhs7r2p1ky7cs5w00000004a0000000009byg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:33 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.6	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:33 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:33 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200833Z-1657d5bbd48tqvfc1ysmtbdrg000000003s000000000scv0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:33 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.6	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:33 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:33 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6bee43b5-001e-00a2-2106-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200833Z-1657d5bbd48762wn1qw4s5sd3000000003rg00000000z2n1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:33 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.6	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 52963dc7-601e-0084-0e74-176b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48lknvp09v995n79000000003hg00000000qu1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:34 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.6	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48sqtlf1huhzuwq7000000003r000000000c21r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:34 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.6	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: afc7ebd4-e01e-0051-1eef-1884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48sdh4cyzadbb374800000003u000000000duqg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:34 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.6	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48xlwdx82gahegw40000000042g00000000wgh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:34 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.6	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48vlsxxpe15ac3q7n00000003wg00000000pm0b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:34 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.6	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:35 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200835Z-1657d5bbd482krtfgrg72dfbtn00000003r000000000cy2x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:35 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.6	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48lknvp09v995n79000000003ng0000000083t8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:35 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.6	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:35 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200835Z-1657d5bbd482krtfgrg72dfbtn00000003p000000000ntaq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:35 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.6	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:34 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:34 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200834Z-1657d5bbd48t66tjar5xuq22r8000000041g00000000008x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:35 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.6	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:35 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:35 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200835Z-1657d5bbd48q6t9vvmrkd293mg00000003vg00000000su01 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:36 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.6	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:35 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:35 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200835Z-1657d5bbd48xsz2nuzq4vfrzg800000003rg00000000vf27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:36 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.6	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:35 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:35 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: f0964379-001e-0049-4678-185bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200835Z-1657d5bbd48hzllksrq1r6zsvs00000001800000000068tt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:36 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.6	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:35 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:36 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4d5cca78-701e-0021-6ae5-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200836Z-1657d5bbd48t66tjar5xuq22r800000003vg00000000ue14 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:36 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd48wd55zet5pcra0cg00000003yg00000000bun6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.6	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd48cpbzgkvtewk0wu0000000042g00000000aagk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.6	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd487nf59mzf5b3gk8n00000003qg000000000ncc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.6	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd487nf59mzf5b3gk8n00000003mg00000000buez x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: e1867118-301e-0000-0aac-18eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd48hzllksrq1r6zsvs000000018000000000690x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.6	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd48jwrqbupe3ktsx9w000000048g000000000p59 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:37 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.6	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:37 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200837Z-1657d5bbd48jwrqbupe3ktsx9w000000043000000000tx2w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.6	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:37 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:38 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200838Z-1657d5bbd48jwrqbupe3ktsx9w000000044000000000q05x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.6	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:38 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:38 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200838Z-1657d5bbd48tnj6wmberkg2xy8000000041g00000000etq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.6	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:38 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:38 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200838Z-1657d5bbd482lxwq1dp2t1zwkc00000003u0000000000x3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.6	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:38 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:38 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200838Z-1657d5bbd48brl8we3nu8cxwgn000000044g000000012r6p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.6	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:38 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:38 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200838Z-1657d5bbd48qjg85buwfdynm5w00000003yg00000000wza8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:38 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.6	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:39 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:39 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: f076ebb2-f01e-001f-3766-175dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200839Z-1657d5bbd48sdh4cyzadbb374800000003q000000000y61c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:39 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.6	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:39 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:39 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200839Z-1657d5bbd487nf59mzf5b3gk8n00000003kg00000000gw2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:39 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.6	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:39 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:39 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200839Z-1657d5bbd48tqvfc1ysmtbdrg000000003t000000000n7ma x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:39 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.6	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:39 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:39 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: e40f3d43-001e-0034-4cde-18dd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200839Z-1657d5bbd48qjg85buwfdynm5w00000003yg00000000wzcw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:39 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.6	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:39 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:39 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:39 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200839Z-1657d5bbd48gqrfwecymhhbfm800000002pg00000000xfp6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:39 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.6	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:40 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:40 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200840Z-1657d5bbd48lknvp09v995n79000000003kg00000000hw43 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:40 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.6	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:40 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:40 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200840Z-1657d5bbd48gqrfwecymhhbfm800000002t000000000g5r8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:40 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:40 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:40 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200840Z-1657d5bbd48q6t9vvmrkd293mg00000003z000000000adpc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:40 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.6	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:40 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:40 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:40 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200840Z-1657d5bbd48xlwdx82gahegw40000000042000000000ymm0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:40 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.6	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:40 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:40 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200840Z-1657d5bbd48tnj6wmberkg2xy8000000042000000000d4kz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:41 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.6	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:41 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:41 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200841Z-1657d5bbd487nf59mzf5b3gk8n00000003mg00000000but6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:41 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.6	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:41 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:41 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:41 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200841Z-1657d5bbd48tnj6wmberkg2xy80000000430000000007bq5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:41 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.6	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:42 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:42 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200842Z-1657d5bbd48762wn1qw4s5sd3000000003qg000000011792 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:42 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.6	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:42 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:42 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200842Z-1657d5bbd482lxwq1dp2t1zwkc00000003ng00000000t9eh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:42 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.6	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 20:08:42 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 20:08:42 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 20:08:42 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: fba86ca6-e01e-00aa-5200-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T200842Z-1657d5bbd48tqvfc1ysmtbdrg000000003wg000000005r90 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 20:08:42 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Target ID:	0
Start time:	16:08:05
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8f0000
File size:	919'040 bytes
MD5 hash:	594A47A9D0FD4CC9E9222E73205F7EC9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	16:08:05
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xe0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:08:05
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xe0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xe0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xe0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xe0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	16:08:06
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	16:08:07
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	16:08:08
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Imagebase:	0x7ff66e660000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	16:08:19
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	16:08:19
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1952,i,5020417510788919816,11130381829757287265,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.8%
Total number of Nodes:	1596
Total number of Limit Nodes:	59

Executed Functions

Function 008F42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 008F430D

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

GetCurrentProcess.KERNEL32(?,0098CB64,00000000,?,?), ref: 008F4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 008F4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 008F4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 008F4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 008F4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 008F447B
GetSystemInfo.KERNEL32(?,?,?), ref: 008F44A0

Strings

GetNativeSystemInfo, xrefs: 008F4460
kernel32.dll, xrefs: 008F444F
|O, xrefs: 009336F8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 9ae6626ae4ce1213e3c470e772e2a5d297c80db4a36ed485de23b59124e57603
Instruction ID: 6738fb1f2eaf36c6373c33b92e69cc0e10ad161c1f305a7a5ab0976416e3188e
Opcode Fuzzy Hash: 9ae6626ae4ce1213e3c470e772e2a5d297c80db4a36ed485de23b59124e57603
Instruction Fuzzy Hash: 8BA19061D3E2C4CFC712D7797C859A53EA4BB7730CB04A599E042A3A63D2204648EB2D

Function 008F42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008F50AA,?,?,00000000,00000000), ref: 008F42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008F50AA,?,?,00000000,00000000), ref: 008F42C9
LoadResource.KERNEL32(?,00000000,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20), ref: 009335BE
SizeofResource.KERNEL32(?,00000000,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20), ref: 009335D3
LockResource.KERNEL32(008F50AA,?,?,008F50AA,?,?,00000000,00000000,?,?,?,?,?,?,008F4F20,?), ref: 009335E6

Strings

SCRIPT, xrefs: 008F42BF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 6576f4f3ad2679a9e0606771466acf2e003b5cbac777c18152692135e9e56fbb
Instruction ID: a0a7562e83b813c6049edfce548ee3b05cff45fdf1dca87872840061f4706c98
Opcode Fuzzy Hash: 6576f4f3ad2679a9e0606771466acf2e003b5cbac777c18152692135e9e56fbb
Instruction Fuzzy Hash: F2117CB0200705BFD7218B75DC48F277BB9EBC5B51F10816EB512D66A0DBB2D8009B30

Function 00932BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 008F2B6B

Part of subcall function 008F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009C1418,?,008F2E7F,?,?,?,00000000), ref: 008F3A78

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,009B2224), ref: 00932C10
ShellExecuteW.SHELL32(00000000,?,?,009B2224), ref: 00932C17

Strings

runas, xrefs: 00932C0B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 6393f513acddb96a189126d864f2efa8c0e0798dbb9b200bebdcbd6c24ae299f
Instruction ID: 7fb4ff9140dffbcaeea5103f5d5b42e1242120f5e27275f7c5f47323fa551a21
Opcode Fuzzy Hash: 6393f513acddb96a189126d864f2efa8c0e0798dbb9b200bebdcbd6c24ae299f
Instruction Fuzzy Hash: 2511A231508309AAC719FF78D852EBEB7A4FB95350F44142DF682D21A3DF218A499713

Function 0097A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0097A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0097A6BA

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0097A79C
CloseHandle.KERNELBASE(00000000), ref: 0097A7AB

Part of subcall function 0090CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00933303,?), ref: 0090CE8A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: e86f336969b0cfbd7960ce87a2d722c40dd1d30b00bec2f7f53d256de4dbd1da
Instruction ID: 4375c499ba8f1b2e4c3bf2d6b1c6559e9126f9c042f9e1dc1d3e90bbee1bd176
Opcode Fuzzy Hash: e86f336969b0cfbd7960ce87a2d722c40dd1d30b00bec2f7f53d256de4dbd1da
Instruction Fuzzy Hash: F2510AB15083059FD714DF28D886A6BBBE8FF89754F00892DF589D72A1EB70D904CB92

Function 0095DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00935222), ref: 0095DBCE
GetFileAttributesW.KERNELBASE(?), ref: 0095DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0095DBEE
FindClose.KERNEL32(00000000), ref: 0095DBFA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: de04db68c0a9f9201dba94363d8da1f20e796231f896a84b42e60fd913b46382
Instruction ID: 73e75c6d9892344930070429153e913245f8a19a77b87385702c6f57afa41075
Opcode Fuzzy Hash: de04db68c0a9f9201dba94363d8da1f20e796231f896a84b42e60fd913b46382
Instruction Fuzzy Hash: 75F0A07082991097C230AB79EC0D8AE37AC9E01336B104702F8B6C22E0EBB4995897E5

Function 00914CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000,?,009228E9), ref: 00914D09
TerminateProcess.KERNEL32(00000000,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000,?,009228E9), ref: 00914D10
ExitProcess.KERNEL32 ref: 00914D22

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: a30f69370f1638c63536031437632a44f30db289d4ab44d96876b297a8ac9395
Instruction ID: 87136eff36fa92fefa070adf5566a8697485df7d478b576381badd1ebe636f8d
Opcode Fuzzy Hash: a30f69370f1638c63536031437632a44f30db289d4ab44d96876b297a8ac9395
Instruction Fuzzy Hash: B7E0B675114148ABCF11AF54ED0AA983B6DFB85B81B108014FC098A262CB35ED82EB90

Function 0097AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0097B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0097B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0097B1D4
_wcslen.LIBCMT ref: 0097B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0097B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0097B236
_wcslen.LIBCMT ref: 0097B332

Part of subcall function 009605A7: GetStdHandle.KERNEL32(000000F6), ref: 009605C6

_wcslen.LIBCMT ref: 0097B34B
_wcslen.LIBCMT ref: 0097B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0097B3B6
GetLastError.KERNEL32(00000000), ref: 0097B407
CloseHandle.KERNEL32(?), ref: 0097B439
CloseHandle.KERNEL32(00000000), ref: 0097B44A
CloseHandle.KERNEL32(00000000), ref: 0097B45C
CloseHandle.KERNEL32(00000000), ref: 0097B46E
CloseHandle.KERNEL32(?), ref: 0097B4E3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 346006e4337b49e9f21181bf34d553c89e058525543acb23acc2154d9bfb5fc7
Instruction ID: 62d502f200a8884078736aea87b7d2b1dc21ed0315ff71424041439132c62a07
Opcode Fuzzy Hash: 346006e4337b49e9f21181bf34d553c89e058525543acb23acc2154d9bfb5fc7
Instruction Fuzzy Hash: 45F18C326083049FD714EF24C891B6EBBE5BF85714F14895DF9998B2A2DB31EC44CB52

Function 008FD730 Relevance: 21.6, APIs: 14, Instructions: 629windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 008FD807
timeGetTime.WINMM ref: 008FDA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB28
TranslateMessage.USER32(?), ref: 008FDB7B
DispatchMessageW.USER32(?), ref: 008FDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB9F
Sleep.KERNELBASE(0000000A), ref: 008FDBB1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: e4054ecf5d1d3376a497ede56e17a6c4e1b0f709ba8eda87b1ca648c9c6e981c
Instruction ID: 69be9c2135972f977839e19ae03dccedb3b013a3fa76078269a41e9c5e798ce7
Opcode Fuzzy Hash: e4054ecf5d1d3376a497ede56e17a6c4e1b0f709ba8eda87b1ca648c9c6e981c
Instruction Fuzzy Hash: D942DD3060834ADFD728CF24C884F7ABBE6FB86314F548559FA95C7291D770A884DB92

Function 008F2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 008F2D07
RegisterClassExW.USER32(00000030), ref: 008F2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F2D42
InitCommonControlsEx.COMCTL32(?), ref: 008F2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F2D6F
LoadIconW.USER32(000000A9), ref: 008F2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F2D94

Strings

+, xrefs: 008F2CF0
0, xrefs: 008F2CE9
AutoIt v3 GUI, xrefs: 008F2D23
TaskbarCreated, xrefs: 008F2D37

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 1b3b47ea28feea83a465523878e832ac31f094f2700e7711c84166627aef4749
Instruction ID: 8115854b7f6e5070486fe8975763ed9c4c6446aa942f206e42803f37e76355bc
Opcode Fuzzy Hash: 1b3b47ea28feea83a465523878e832ac31f094f2700e7711c84166627aef4749
Instruction Fuzzy Hash: 2B21E2B5D25308AFDB00DFA4E849A9DBBB4FB09704F00411AE511A62A0D7B14540AFA5

Function 0093065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0093039A: CreateFileW.KERNELBASE(00000000,00000000,?,00930704,?,?,00000000,?,00930704,00000000,0000000C), ref: 009303B7

GetLastError.KERNEL32 ref: 0093076F
__dosmaperr.LIBCMT ref: 00930776
GetFileType.KERNELBASE(00000000), ref: 00930782
GetLastError.KERNEL32 ref: 0093078C
__dosmaperr.LIBCMT ref: 00930795
CloseHandle.KERNEL32(00000000), ref: 009307B5
CloseHandle.KERNEL32(?), ref: 009308FF
GetLastError.KERNEL32 ref: 00930931
__dosmaperr.LIBCMT ref: 00930938

Strings

H, xrefs: 009308BD

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: ede6dcbb3732c0c1bb699c52777d03c6bbe5b6284f2e2b2f25f0f8db2cdd5fb2
Instruction ID: 0a3efce944fa26cdb0878d36593d157081f1256932be4714831edd6956d8c7b3
Opcode Fuzzy Hash: ede6dcbb3732c0c1bb699c52777d03c6bbe5b6284f2e2b2f25f0f8db2cdd5fb2
Instruction Fuzzy Hash: 70A13632A141088FDF19EF68DC62BAE3BA5AB8A320F14015DF8259B391D7359C52DF91

Function 008F344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008F3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009C1418,?,008F2E7F,?,?,?,00000000), ref: 008F3A78

Part of subcall function 008F3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008F3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 008F356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0093318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 009331CE
RegCloseKey.ADVAPI32(?), ref: 00933210
_wcslen.LIBCMT ref: 00933277
_wcslen.LIBCMT ref: 00933286

Strings

Include, xrefs: 00933184, 009331C5
Software\AutoIt v3\AutoIt, xrefs: 008F3560
\, xrefs: 0093328C
\Include\, xrefs: 008F3527

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 170e6723fea9d9f27938d487cb93aba9a37dcd1b892a4c1b38e085bb539c0cd7
Instruction ID: 89473e53928128729d170a20492161769f1716216fb8b2d589cfaf1e89d77a4a
Opcode Fuzzy Hash: 170e6723fea9d9f27938d487cb93aba9a37dcd1b892a4c1b38e085bb539c0cd7
Instruction Fuzzy Hash: 9571C3719183449EC314EF69DC81D6BBBE8FF84B40F40452EF545C72A0EB749A48DB62

Function 008F2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 008F2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 008F2B9D
LoadIconW.USER32(00000063), ref: 008F2BB3
LoadIconW.USER32(000000A4), ref: 008F2BC5
LoadIconW.USER32(000000A2), ref: 008F2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008F2BEF
RegisterClassExW.USER32(?), ref: 008F2C40

Part of subcall function 008F2CD4: GetSysColorBrush.USER32(0000000F), ref: 008F2D07
Part of subcall function 008F2CD4: RegisterClassExW.USER32(00000030), ref: 008F2D31
Part of subcall function 008F2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008F2D42
Part of subcall function 008F2CD4: InitCommonControlsEx.COMCTL32(?), ref: 008F2D5F
Part of subcall function 008F2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008F2D6F
Part of subcall function 008F2CD4: LoadIconW.USER32(000000A9), ref: 008F2D85
Part of subcall function 008F2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008F2D94

Strings

#, xrefs: 008F2C16
AutoIt v3, xrefs: 008F2C2F
0, xrefs: 008F2C0F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: a7349c2526b31f368d1b1a23190627656c8200aef4b4e31d3d6d91e0f6af445d
Instruction ID: 23507defe891de5da560f001d9c83d3bf0cb3a553dc05e309a893dde30479d6b
Opcode Fuzzy Hash: a7349c2526b31f368d1b1a23190627656c8200aef4b4e31d3d6d91e0f6af445d
Instruction Fuzzy Hash: 8B214CB0E28358ABDB109FA5EC45EA97FB4FB49B54F00001AF600A67A1D3B54550EF98

Function 008F3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,008F316A,?,?), ref: 008F31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,008F316A,?,?), ref: 008F3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008F3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,008F316A,?,?), ref: 008F3232
CreatePopupMenu.USER32 ref: 008F3246
PostQuitMessage.USER32(00000000), ref: 008F3267

Strings

TaskbarCreated, xrefs: 008F322D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 0f87d810a2f31a98de6454ded47a3f1f716ba057d6db46fbecfe983eaf3373be
Instruction ID: e05ad26839279616a0e4162a49cc676f79ae9871761b03ada57a140e3064c4c1
Opcode Fuzzy Hash: 0f87d810a2f31a98de6454ded47a3f1f716ba057d6db46fbecfe983eaf3373be
Instruction Fuzzy Hash: 9E414C3166820CEBDF256B78DD0DF793659F746349F04012AFB06C62A2CB71DE80A766

Function 008F1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008F1459
CoUninitialize.COMBASE ref: 008F14F8
UnregisterHotKey.USER32(?), ref: 008F16DD
DestroyWindow.USER32(?), ref: 009324B9
FreeLibrary.KERNEL32(?), ref: 0093251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 0093254B

Strings

close all, xrefs: 008F1454

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 40a3defa2e36d189b47966e2029f4b5e0a7efc96a1f48ef9d49cdbc1c023c084
Instruction ID: e645b26a62a86e6f687149e5e86800687f0ba3133d6ba567ea41a486b2439869
Opcode Fuzzy Hash: 40a3defa2e36d189b47966e2029f4b5e0a7efc96a1f48ef9d49cdbc1c023c084
Instruction Fuzzy Hash: 44D17B31701216CFCB29EF25C899B29F7A4FF45704F2442ADE54AAB2A1DB31AD12CF51

Function 008F2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008F2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008F2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,008F1CAD,?), ref: 008F2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,008F1CAD,?), ref: 008F2CCF

Strings

AutoIt v3, xrefs: 008F2C89, 008F2C8E, 008F2C8F
edit, xrefs: 008F2CAC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 3b603d2d7541e3f6f877c7772deb271e06fcae73db804b3e9d987bd1b2113771
Instruction ID: 2888c7a987475aaa342d8eebeb248bad87cd4c32993556635d2e5e14afbe3234
Opcode Fuzzy Hash: 3b603d2d7541e3f6f877c7772deb271e06fcae73db804b3e9d987bd1b2113771
Instruction Fuzzy Hash: 6BF0DAB59642D07BEB311717AC08E772EBDD7C7F54B01005BF900A36A1C6751850EAB8

Function 008F3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,008F3B0F,SwapMouseButtons,00000004,?), ref: 008F3B83

Strings

Control Panel\Mouse, xrefs: 008F3B3E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: f682ff1a4af9424852f21f96e5d9b0f0ef8ca7f563b740c36ec712b859bdc192
Instruction ID: ce95fa1fe269b3c96af8cd3f54cc8633affdc5bc9ec4c5b888456d1372a14d16
Opcode Fuzzy Hash: f682ff1a4af9424852f21f96e5d9b0f0ef8ca7f563b740c36ec712b859bdc192
Instruction Fuzzy Hash: 81112AB552120CFFDB218FA5DC54ABEB7B8FF05794B10445AA905D7210D2319E40A760

Function 008F3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 009333A2

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F3A04

Strings

Line: , xrefs: 009333EB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 531c40ac63acbb095ec7162534854ac5537735f0d028b7ab4d8a5c380c883064
Instruction ID: abb292e9aa67559ea58031ff2fd478484ce8697ca29d078de416c6291d8c999d
Opcode Fuzzy Hash: 531c40ac63acbb095ec7162534854ac5537735f0d028b7ab4d8a5c380c883064
Instruction Fuzzy Hash: 8331C171918348AAC325EB34DC45FEBB7D8FB41714F00452AF699C2192EB709A48CB87

Function 0090FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00910668

Part of subcall function 009132A4: RaiseException.KERNEL32(?,?,?,0091068A,?,009C1444,?,?,?,?,?,?,0091068A,008F1129,009B8738,008F1129), ref: 00913304

__CxxThrowException@8.LIBVCRUNTIME ref: 00910685

Strings

Unknown exception, xrefs: 00910692

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 35985e9907f04d8aa6a850cf9fe5b254ef7d2f8495034b45f9a7260aba7226fa
Instruction ID: 39efff2eee9ab71e04c639aed60c9a3f816b4c2f700c198afc6c494c1b7c05cc
Opcode Fuzzy Hash: 35985e9907f04d8aa6a850cf9fe5b254ef7d2f8495034b45f9a7260aba7226fa
Instruction Fuzzy Hash: D1F0C234A0030DBBCB10B664D856EDE776D5EC0354B608571B924969D1EFB2DBE6C680

Function 008F10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 008F1BF4
Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 008F1BFC
Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 008F1C07
Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 008F1C12
Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 008F1C1A
Part of subcall function 008F1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 008F1C22

Part of subcall function 008F1B4A: RegisterWindowMessageW.USER32(00000004,?,008F12C4), ref: 008F1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008F136A
OleInitialize.OLE32 ref: 008F1388
CloseHandle.KERNEL32(00000000,00000000), ref: 009324AB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 46c43235fb2b89235d97d5cf6d404b8df5d88d8136b159f0c203daeae01a3da1
Instruction ID: 0e941a42e84ff516656b12df923c4b842a96715b8d3012fb27e5d3b79b08a23c
Opcode Fuzzy Hash: 46c43235fb2b89235d97d5cf6d404b8df5d88d8136b159f0c203daeae01a3da1
Instruction Fuzzy Hash: 9F71BFB4D293848FC798EF79A955E653AE4FB8A350754412EE10AC7373EB308401AF5E

Function 0095C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 008F3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0095C259
KillTimer.USER32(?,00000001,?,?), ref: 0095C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0095C270

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: f92382fc10d811ab9aaa39c70299a99ac550bdd849f22a7f6a3bdae7a46774bb
Instruction ID: 1464ce241a0a2702ee2e157c2d3d15e27f1974a141766c3d9bfb26ef4828d839
Opcode Fuzzy Hash: f92382fc10d811ab9aaa39c70299a99ac550bdd849f22a7f6a3bdae7a46774bb
Instruction Fuzzy Hash: 3B3198B09043446FEB22DF758855BE7BBECAB06705F00049DD5EA97241C7746A88CB51

Function 009286AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,009285CC,?,009B8CC8,0000000C), ref: 00928704
GetLastError.KERNEL32(?,009285CC,?,009B8CC8,0000000C), ref: 0092870E
__dosmaperr.LIBCMT ref: 00928739

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: af6a418b24b41b7ba31637af96288decd3fdf6e36572cd67027e696dfda756c5
Instruction ID: 883368b5037e027fbd22c0e45a6af2554a10bc15feadb7148216e5fe081fc055
Opcode Fuzzy Hash: af6a418b24b41b7ba31637af96288decd3fdf6e36572cd67027e696dfda756c5
Instruction Fuzzy Hash: 2E014932A1A63066D624A334B849B7F6B5D4BD2775F3A011DF8148B1DBDEB1CC819290

Function 008FDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 008FDB7B
DispatchMessageW.USER32(?), ref: 008FDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008FDB9F
Sleep.KERNELBASE(0000000A), ref: 008FDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00941CC9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: d14274375be47f40c36bbc59963b1b40930dcf47fbeebc3a29ff99e201840788
Instruction ID: a18f3d89c5ab0bf08bf67a46ba773057e5d2678704d2342337fa2976f0ebccf7
Opcode Fuzzy Hash: d14274375be47f40c36bbc59963b1b40930dcf47fbeebc3a29ff99e201840788
Instruction Fuzzy Hash: 80F05E706183449BEB30CB708C89FAA73ADFB85351F104A18E74AC30D0DB30A4889B29

Function 00901310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009017F6

Strings

CALL, xrefs: 009017C6

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 4b9d3fbf2000e7f2fb6befdcc85c6b4b454e37fc654e7ea53543002d1079b5b3
Instruction ID: fa2cfe26053a9d579b8f9c64a116e8292ea1058def3b5d1a3d0f212363e09b97
Opcode Fuzzy Hash: 4b9d3fbf2000e7f2fb6befdcc85c6b4b454e37fc654e7ea53543002d1079b5b3
Instruction Fuzzy Hash: 1D227AB06082419FC714DF24C890F2ABBF5BF86314F24896DF4968B3A1D776E945CB92

Function 008F2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00932C8C

Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2

Part of subcall function 008F2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F2DC4

Strings

X, xrefs: 00932C5A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 97b361e9072f16ec520b211da2cb0f625bb0671b62d14ed7f8a19dcbb903006c
Instruction ID: 5ee64e37872d24627eafc6b3c308b35ab51ddf09cb70cf87266ec5c21d77030d
Opcode Fuzzy Hash: 97b361e9072f16ec520b211da2cb0f625bb0671b62d14ed7f8a19dcbb903006c
Instruction Fuzzy Hash: C4218171A1029C9BCF11EFA8C845BEE7BF9EF49314F004059E505E7241DBB85A898F61

Function 008F3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F3908

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: b4236474ea9eb44a6e73a491dc2ecd1672f5010d661fc8f00eb4eb7b34f10475
Instruction ID: c302db0c08599e294ff51f191040ad6f4b0d3a1738d8005be524cf563af4e725
Opcode Fuzzy Hash: b4236474ea9eb44a6e73a491dc2ecd1672f5010d661fc8f00eb4eb7b34f10475
Instruction Fuzzy Hash: 1C31C570A143049FD720DF34D884BA7BBE8FB49748F00092EFA99C3251D775AA44CB52

Function 0090F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0090F661

Part of subcall function 008FD730: GetInputState.USER32 ref: 008FD807

Sleep.KERNEL32(00000000), ref: 0094F2DE

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: a603b01492b37fcba1c158446c202b3f427beb2e952fe87dc7cfc841e953a7e8
Instruction ID: 8cb18393d0747551aec7a074a3edede04ac2cd73f607c5431a14d00e23ba2440
Opcode Fuzzy Hash: a603b01492b37fcba1c158446c202b3f427beb2e952fe87dc7cfc841e953a7e8
Instruction Fuzzy Hash: 48F0A0712442099FD310EF79D459F6AB7E9FF49761F000029E95AC77A0EB70B800CBA1

Function 008FB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 008FBB4E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 7b2e6683100cd84ade889b1ddc22ba7a139a719292ccb5a9f08cd2ec3705c757
Instruction ID: 99fab714e038a4987851f11eed62d5df7e74af48293bbf702839b1ea47353db3
Opcode Fuzzy Hash: 7b2e6683100cd84ade889b1ddc22ba7a139a719292ccb5a9f08cd2ec3705c757
Instruction Fuzzy Hash: 8232AC34A0420D9FDB24CF64C894FBABBB9FF84354F148059EA15AB291D7B8ED41CB91

Function 008F4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 008F4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E9C
Part of subcall function 008F4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008F4EAE
Part of subcall function 008F4E90: FreeLibrary.KERNEL32(00000000,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EFD

Part of subcall function 008F4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E62
Part of subcall function 008F4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008F4E74
Part of subcall function 008F4E59: FreeLibrary.KERNEL32(00000000,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E87

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: cdbc032153d1d45b1f3af49dc5a6ea3adfe2269936fe2d9329aa15d9a39daa8c
Instruction ID: ae3a276df273ed10554291d45d9f2133a77ac4c186c00ce8d8766f4b73f27b8b
Opcode Fuzzy Hash: cdbc032153d1d45b1f3af49dc5a6ea3adfe2269936fe2d9329aa15d9a39daa8c
Instruction Fuzzy Hash: 7C11E332610209ABCF14BB78DC02FBE77A5FF80710F20842EF646E61C1EE709A459B61

Function 00928402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00928440

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 9803319eaa79499f3736ac5e3fee52ad8a6c25391c4cac0950ab3f18406f9f4d
Instruction ID: 85c116b24073b3acca9cb8e92c80ed99cd991fd3cfb2867ade53a5ec7d1db973
Opcode Fuzzy Hash: 9803319eaa79499f3736ac5e3fee52ad8a6c25391c4cac0950ab3f18406f9f4d
Instruction Fuzzy Hash: B711187590410AAFCF05DF58E941A9B7BF9EF48314F144059F808AB312DA31DE21CBA5

Function 00925000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00924C7D: RtlAllocateHeap.NTDLL(00000008,008F1129,00000000,?,00922E29,00000001,00000364,?,?,?,0091F2DE,00923863,009C1444,?,0090FDF5,?), ref: 00924CBE

_free.LIBCMT ref: 0092506C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: bff3e81f777e21e0a60adb88fda76143e11ee8b453e1c2794d7bfa0dbf7dd1e9
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: BF012B722447146BE3218F55AC41A5AFBECFBC9370F65051DE184932C0E6306805C774

Function 009829BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,009814B5,?), ref: 00982A01

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 57eb1b8748e18096cc9e34cb741c8f6f43e7f6b84ce5ae37378fd3f2e24bb4d6
Instruction ID: 74d1a9e8a79adb4819ed16e2e6b72644ca28dea2b6d5545c66c285441fd2b6c2
Opcode Fuzzy Hash: 57eb1b8748e18096cc9e34cb741c8f6f43e7f6b84ce5ae37378fd3f2e24bb4d6
Instruction Fuzzy Hash: CA01B136300A419FD328EB2CC554B263796EFC5314F298468C0478B391DB32FC42C7A0

Function 0091E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 3b8a1cf77a0317afb318eb61ce982bac680f168c3b99ed2232d6dbfc116b4385
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: C7F02832712A2CAAC7313B69AC05BDB339C9FD23B0F500B15FC21931D2CB74E88186A5

Function 00924C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,008F1129,00000000,?,00922E29,00000001,00000364,?,?,?,0091F2DE,00923863,009C1444,?,0090FDF5,?), ref: 00924CBE

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b3db6e96dcfca948470cda53071df8fb23a4bdcb43c1d07c0b258b754a494a14
Instruction ID: 29707300561f16bb7bae4fcf28cdddc03d4665fee7570db30fcf89dc7713246a
Opcode Fuzzy Hash: b3db6e96dcfca948470cda53071df8fb23a4bdcb43c1d07c0b258b754a494a14
Instruction Fuzzy Hash: E3F0E03174613467DB21DF69FC05FDA374CBF81760B144111B85696299CA70D80156E0

Function 00923820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e9f03a158b8ffda858a3b09a915aade4a38178aea084b30c10674d7d694c1fff
Instruction ID: 93341101f1a4f325c3419d033aac5f15792797387c58206ac2791f5235094323
Opcode Fuzzy Hash: e9f03a158b8ffda858a3b09a915aade4a38178aea084b30c10674d7d694c1fff
Instruction Fuzzy Hash: B5E02B3220423857D7312677BC04FDB376DAF82BB0F168020BD159E999CB2DDD0182E0

Function 008F4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4F6D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: e02f5210238f4cf622fae4d2065aa0b0b92bc1058ba98369093de980c69f159c
Instruction ID: dea5518c0c6eae81977da8aab9bc0cc4fc66a0f7705c0683f0f7a2cab57a68a4
Opcode Fuzzy Hash: e02f5210238f4cf622fae4d2065aa0b0b92bc1058ba98369093de980c69f159c
Instruction Fuzzy Hash: 78F0157150975ACFDB349F74D494823BBE4FF14329320996EE2EE82621CB319888DB10

Function 00982A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00982A66

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 763906dbbb178cd955c3459191d4ac75aead3620e2fdac5fc8dbd18de5932107
Instruction ID: 92ef4ba2922272febbe93c6f460d4d8b87367fe970abf2da2ef46d0e7635a329
Opcode Fuzzy Hash: 763906dbbb178cd955c3459191d4ac75aead3620e2fdac5fc8dbd18de5932107
Instruction Fuzzy Hash: 32E04F76354216AAC758FB31DC809FA735CEF903957104536AC26C2240EB34999597A0

Function 008F30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 008F314E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 057b4e25f2b273d2bcc56933c0eefe5869457342ae9be0f7aa0f3541c47ce525
Instruction ID: ddac418cf7a664ac90568b9e3baca5d8ed661b78d88c4b33ad8eb0516c47a6ab
Opcode Fuzzy Hash: 057b4e25f2b273d2bcc56933c0eefe5869457342ae9be0f7aa0f3541c47ce525
Instruction Fuzzy Hash: 8CF037709143589FEB529B24DC45BD57BBCB70170CF0000E5A64896292D77457D8CF55

Function 008F2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008F2DC4

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: a7ea6ed1dee92e63db6c27658ac4f1aea04919642cd72ac32d71b690c3631a75
Instruction ID: c3c28357dc09c0890d6f0e57b90f61dadfde19f6e1385d4fb578d65a2f607905
Opcode Fuzzy Hash: a7ea6ed1dee92e63db6c27658ac4f1aea04919642cd72ac32d71b690c3631a75
Instruction Fuzzy Hash: 78E0CD726041245BC71092589C05FEA77DDEFC8790F040171FD09D7258DA70ED808651

Function 008F2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008F3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008F3908

Part of subcall function 008FD730: GetInputState.USER32 ref: 008FD807

SetCurrentDirectoryW.KERNEL32(?), ref: 008F2B6B

Part of subcall function 008F30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 008F314E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: f6a674299ac48be22020856e597be3266f33439fca7481683699fa04540205d8
Instruction ID: 2443eae8b3e82f20da9289d235b617d826beaf413d53ff3e393f9b062de3383a
Opcode Fuzzy Hash: f6a674299ac48be22020856e597be3266f33439fca7481683699fa04540205d8
Instruction Fuzzy Hash: 0BE0863271434C06C608BB7D985297DA759FBD6352F40153EF742C7273DE2485454353

Function 0093039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00930704,?,?,00000000,?,00930704,00000000,0000000C), ref: 009303B7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3d1b60854f36d1d88be0b0dd1a94d3e2ec10d5f607b539192a71094b5b66235d
Instruction ID: ffc9eccf7bebdba8ac5d7ad4f97f9d3453c3dd821239abc6ee12febc9d63ccab
Opcode Fuzzy Hash: 3d1b60854f36d1d88be0b0dd1a94d3e2ec10d5f607b539192a71094b5b66235d
Instruction Fuzzy Hash: F1D06C3205410DBBDF028F84DD46EDA3BAAFB48714F014000BE1856120C732E821AB90

Function 008F1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 008F1CBC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 6beb3bae42c444de7835a87fe0b5e063ddc11d5cd363198f5c79bb40666ee49c
Instruction ID: 0416e85065b1ce141b7bbe3f8880dfeebb3c3e2a4d27c08f707575b72efac7c7
Opcode Fuzzy Hash: 6beb3bae42c444de7835a87fe0b5e063ddc11d5cd363198f5c79bb40666ee49c
Instruction Fuzzy Hash: 2CC092366AC344AFF7149B80BC4AF117764A388B04F048002F609A9AE3C3F22820FB64

Non-executed Functions

Function 00989576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0098961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0098965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0098969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009896C9
SendMessageW.USER32 ref: 009896F2
GetKeyState.USER32(00000011), ref: 0098978B
GetKeyState.USER32(00000009), ref: 00989798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009897AE
GetKeyState.USER32(00000010), ref: 009897B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009897E9
SendMessageW.USER32 ref: 00989810
SendMessageW.USER32(?,00001030,?,00987E95), ref: 00989918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0098992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00989941
SetCapture.USER32(?), ref: 0098994A
ClientToScreen.USER32(?,?), ref: 009899AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009899BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009899D6
ReleaseCapture.USER32 ref: 009899E1
GetCursorPos.USER32(?), ref: 00989A19
ScreenToClient.USER32(?,?), ref: 00989A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00989A80
SendMessageW.USER32 ref: 00989AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00989AEB
SendMessageW.USER32 ref: 00989B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00989B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00989B4A
GetCursorPos.USER32(?), ref: 00989B68
ScreenToClient.USER32(?,?), ref: 00989B75
GetParent.USER32(?), ref: 00989B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00989BFA
SendMessageW.USER32 ref: 00989C2B
ClientToScreen.USER32(?,?), ref: 00989C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00989CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00989CDE
SendMessageW.USER32 ref: 00989D01
ClientToScreen.USER32(?,?), ref: 00989D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00989D82

Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952

GetWindowLongW.USER32(?,000000F0), ref: 00989E05

Strings

F, xrefs: 00989D07
@GUI_DRAGID, xrefs: 0098997D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: a1744b186ac05d06748f9c2f14245675f19150baf77bbd24fc705d9906866ac7
Instruction ID: 016ce45c63d3c17d06ce127ba9b6c6586aa9374f1e4906d87cfb444a5a135fdb
Opcode Fuzzy Hash: a1744b186ac05d06748f9c2f14245675f19150baf77bbd24fc705d9906866ac7
Instruction Fuzzy Hash: 26427C74618201AFDB24EF28CC44EBABBE9FF49314F180A19F699873A1E731D854DB51

Function 00984873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009848F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00984908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00984927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0098494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0098495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0098497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009849AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009849D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00984A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00984A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00984A7E
IsMenu.USER32(?), ref: 00984A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00984AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00984B20
GetWindowLongW.USER32(?,000000F0), ref: 00984B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00984BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00984C82
wsprintfW.USER32 ref: 00984CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00984CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00984CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00984D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00984D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00984D5A

Strings

%d/%02d/%02d, xrefs: 00984CA8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 70a5dc8733322fd3a8ef2b9f44d6419447e96331ce42257e7ad2365f89da0666
Instruction ID: 0ffed640282ca357104208e9a49dcc93e295520811f8b1d369e31acb3d84bcf8
Opcode Fuzzy Hash: 70a5dc8733322fd3a8ef2b9f44d6419447e96331ce42257e7ad2365f89da0666
Instruction Fuzzy Hash: 72120271600256ABEB25AF28CC49FAE7BF8EF85710F104529F516DB3E1DB789940CB50

Function 0090F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0090F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094F474
IsIconic.USER32(00000000), ref: 0094F47D
ShowWindow.USER32(00000000,00000009), ref: 0094F48A
SetForegroundWindow.USER32(00000000), ref: 0094F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0094F4AA
GetCurrentThreadId.KERNEL32 ref: 0094F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0094F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 0094F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 0094F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0094F4DE
SetForegroundWindow.USER32(00000000), ref: 0094F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F4F6
keybd_event.USER32(00000012,00000000), ref: 0094F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F50B
keybd_event.USER32(00000012,00000000), ref: 0094F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F519
keybd_event.USER32(00000012,00000000), ref: 0094F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 0094F528
keybd_event.USER32(00000012,00000000), ref: 0094F52D
SetForegroundWindow.USER32(00000000), ref: 0094F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0094F557

Strings

Shell_TrayWnd, xrefs: 0094F46F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 53329f9b14ca831378ffe5681704141f9f503ead07a7f32ab6a1c610a4f25720
Instruction ID: 87f8e1bf583a349c1e829d8d45a97b2e4789ac21d56c3dc05f6fbda662786270
Opcode Fuzzy Hash: 53329f9b14ca831378ffe5681704141f9f503ead07a7f32ab6a1c610a4f25720
Instruction Fuzzy Hash: 723174B1A54219BFEB206BB59C4AFBF7E6CEB44B50F100425F601E62D1D6B09D00BB70

Function 00951201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 009516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
Part of subcall function 009516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
Part of subcall function 009516C3: GetLastError.KERNEL32 ref: 0095174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00951286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009512A8
CloseHandle.KERNEL32(?), ref: 009512B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009512D1
GetProcessWindowStation.USER32 ref: 009512EA
SetProcessWindowStation.USER32(00000000), ref: 009512F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00951310

Part of subcall function 009510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009511FC), ref: 009510D4
Part of subcall function 009510BF: CloseHandle.KERNEL32(?,?,009511FC), ref: 009510E9

Strings

default, xrefs: 0095130B
, xrefs: 0095125A
winsta0, xrefs: 009512CC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 8b55bff428c8373ab06766d849eecd5b3d1657abc910f1bf7ba78b17e6c96ca2
Instruction ID: 59bff50952c3d9d77b8a146079ba1683344b2bd950ad805efae70a0a61a903f6
Opcode Fuzzy Hash: 8b55bff428c8373ab06766d849eecd5b3d1657abc910f1bf7ba78b17e6c96ca2
Instruction Fuzzy Hash: 908187B1A00209AFDF21DFA5DC49FEE7BBDEF48705F144129F910A62A0D7748A48DB24

Function 00950B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
Part of subcall function 009510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
Part of subcall function 009510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
Part of subcall function 009510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00950BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00950C00
GetLengthSid.ADVAPI32(?), ref: 00950C17
GetAce.ADVAPI32(?,00000000,?), ref: 00950C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00950C6D
GetLengthSid.ADVAPI32(?), ref: 00950C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00950C8C
HeapAlloc.KERNEL32(00000000), ref: 00950C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00950CB4
CopySid.ADVAPI32(00000000), ref: 00950CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00950CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00950D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00950D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D45
HeapFree.KERNEL32(00000000), ref: 00950D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D55
HeapFree.KERNEL32(00000000), ref: 00950D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950D65
HeapFree.KERNEL32(00000000), ref: 00950D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00950D78
HeapFree.KERNEL32(00000000), ref: 00950D7F

Part of subcall function 00951193: GetProcessHeap.KERNEL32(00000008,00950BB1,?,00000000,?,00950BB1,?), ref: 009511A1
Part of subcall function 00951193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00950BB1,?), ref: 009511A8
Part of subcall function 00951193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00950BB1,?), ref: 009511B7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: fbf685e726b0145f50ee467da77705f813f0a3d14c758a3284b5683fd73e05e4
Instruction ID: 28bcea36c391e6cd2a3de7485441be76480f7e827f9c6d2e5a99c16f85890b76
Opcode Fuzzy Hash: fbf685e726b0145f50ee467da77705f813f0a3d14c758a3284b5683fd73e05e4
Instruction Fuzzy Hash: A27168B290420AABDF10DFA5DC88BEEBBBCAF44341F144515ED15A7291D771AA09CB60

Function 0096EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0098CC08), ref: 0096EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0096EB37
GetClipboardData.USER32(0000000D), ref: 0096EB43
CloseClipboard.USER32 ref: 0096EB4F
GlobalLock.KERNEL32(00000000), ref: 0096EB87
CloseClipboard.USER32 ref: 0096EB91
GlobalUnlock.KERNEL32(00000000), ref: 0096EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0096EBC9
GetClipboardData.USER32(00000001), ref: 0096EBD1
GlobalLock.KERNEL32(00000000), ref: 0096EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0096EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0096EC38
GetClipboardData.USER32(0000000F), ref: 0096EC44
GlobalLock.KERNEL32(00000000), ref: 0096EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0096EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0096EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0096ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0096ECF3
CountClipboardFormats.USER32 ref: 0096ED14
CloseClipboard.USER32 ref: 0096ED59

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 844a2a617c07708ea5f71894064326c04c6defe0f178cd04a01ceb358c8b5b5c
Instruction ID: 52f0e89c72bcd11b1eebbebae37f35602dba380b6be7ee336d5d516594b5891b
Opcode Fuzzy Hash: 844a2a617c07708ea5f71894064326c04c6defe0f178cd04a01ceb358c8b5b5c
Instruction Fuzzy Hash: F661BC78208206AFD300EF24D898F3A77A8FF84754F184529F596C72A2DB31D905DB62

Function 0096698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 009669BE
FindClose.KERNEL32(00000000), ref: 00966A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00966A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00966A75

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00966AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00966ADF

Strings

%03d, xrefs: 00966DA2
%4d%02d%02d%02d%02d%02d, xrefs: 00966B6A
%02d, xrefs: 00966C00, 00966C0A, 00966C5A, 00966CAA, 00966CFA, 00966D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00966B32
%4d, xrefs: 00966BB1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 5bb568ad46c2b61576e537a04926c3a137eeacb346a1cbd007266dfe8b0c28bd
Instruction ID: 8f3c9ac8e71fb08006331a41b2a89e899175e2c895aec8cef6a3278fd6313cd0
Opcode Fuzzy Hash: 5bb568ad46c2b61576e537a04926c3a137eeacb346a1cbd007266dfe8b0c28bd
Instruction Fuzzy Hash: 16D13D72508304AEC710EBA8C991EBBB7ECFF88704F44491DF689C6191EB74DA44CB62

Function 00969642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00969663
GetFileAttributesW.KERNEL32(?), ref: 009696A1
SetFileAttributesW.KERNEL32(?,?), ref: 009696BB
FindNextFileW.KERNEL32(00000000,?), ref: 009696D3
FindClose.KERNEL32(00000000), ref: 009696DE
FindFirstFileW.KERNEL32(*.*,?), ref: 009696FA
SetCurrentDirectoryW.KERNEL32(?), ref: 0096974A
SetCurrentDirectoryW.KERNEL32(009B6B7C), ref: 00969768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00969772
FindClose.KERNEL32(00000000), ref: 0096977F
FindClose.KERNEL32(00000000), ref: 0096978F

Strings

*.*, xrefs: 009696F5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 0f35d37c535266ff275b63fae8de6a9d5bd262225d7180675e241369a0db2d8c
Instruction ID: 158c216a3502d13b6c49b90235aef254a0f6288d79be6ae43e95c6efb5d3b344
Opcode Fuzzy Hash: 0f35d37c535266ff275b63fae8de6a9d5bd262225d7180675e241369a0db2d8c
Instruction Fuzzy Hash: F531F572614219AEDF14EFB4ED08AEE77BCAF89320F104566F815E2290DB34DD84CB20

Function 0096979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 009697BE
FindNextFileW.KERNEL32(00000000,?), ref: 00969819
FindClose.KERNEL32(00000000), ref: 00969824
FindFirstFileW.KERNEL32(*.*,?), ref: 00969840
SetCurrentDirectoryW.KERNEL32(?), ref: 00969890
SetCurrentDirectoryW.KERNEL32(009B6B7C), ref: 009698AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 009698B8
FindClose.KERNEL32(00000000), ref: 009698C5
FindClose.KERNEL32(00000000), ref: 009698D5

Part of subcall function 0095DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0095DB00

Strings

*.*, xrefs: 0096983B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 024b9696c33acf4dd2886b6d167bdd392202aed4952b78e3517b9566cdf0e776
Instruction ID: dc707ba642dd7b152ee4ab69a32552545b36ec8fa75ebad3396739d0dd975679
Opcode Fuzzy Hash: 024b9696c33acf4dd2886b6d167bdd392202aed4952b78e3517b9566cdf0e776
Instruction Fuzzy Hash: A531D272604219AEDB10EFB4EC48ADE77BC9F8A324F104556E814E32D0DB34DE85DB60

Function 0097BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0097BFA9
RegCloseKey.ADVAPI32(00000000), ref: 0097BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0097C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0097C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0097C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0097C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0097C382
RegCloseKey.ADVAPI32(00000000), ref: 0097C38F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: a136873429f88ebfd831fb956292d547af5b4719f268714a605abe488ae69f30
Instruction ID: e6dc6e358f82dc00a735cd43fa3ca54a90f34b426a42b1bc1bd6596ca6c60edf
Opcode Fuzzy Hash: a136873429f88ebfd831fb956292d547af5b4719f268714a605abe488ae69f30
Instruction Fuzzy Hash: 2C020CB1604200AFD714DF28C895E2ABBE5EF89318F58C49DF849DB2A2D731ED45CB52

Function 00968195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00968257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00968267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00968273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00968310
SetCurrentDirectoryW.KERNEL32(?), ref: 00968324
SetCurrentDirectoryW.KERNEL32(?), ref: 00968356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0096838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00968395

Strings

*.*, xrefs: 0096839B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 4d5ae7e9c972c632b3db4565773a8c859ab2d973f7f9261f6c53dc53d20efdb5
Instruction ID: 281870d0c50cb80fe27fd403ba6b8e2fc29e2bdb73aa8694c51fbc38c83ef397
Opcode Fuzzy Hash: 4d5ae7e9c972c632b3db4565773a8c859ab2d973f7f9261f6c53dc53d20efdb5
Instruction Fuzzy Hash: 24614BB25083099FCB10EF64C8509AFB3E8FF89314F04491AF999D7251EB35EA45CB92

Function 0095D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2

Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A

FindFirstFileW.KERNEL32(?,?), ref: 0095D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0095D1DD
MoveFileW.KERNEL32(?,?), ref: 0095D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 0095D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 0095D237

Part of subcall function 0095D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0095D21C,?,?), ref: 0095D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 0095D253
FindClose.KERNEL32(00000000), ref: 0095D264

Strings

\*.*, xrefs: 0095D0CD, 0095D0D6, 0095D0EB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 7845d4172fa43bdf3dddb539f86a04d277d7f198aed2579bb48214a0b87d52a3
Instruction ID: 8c76308de77f629687cf4cb12ddd01e07f90bdd78151d9128b8b9eb6034f2ff9
Opcode Fuzzy Hash: 7845d4172fa43bdf3dddb539f86a04d277d7f198aed2579bb48214a0b87d52a3
Instruction Fuzzy Hash: 3661AC7180610D9ACF15EBE5D982AFDB7B9EF50341F204065E812B7291EB30AF09CB61

Function 0096ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0096ED91
EmptyClipboard.USER32 ref: 0096ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0096EDAC
CloseClipboard.USER32 ref: 0096EEA3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 9e88f2ea6454e9982e6064a5db93505491715ebffd6be62d760e37f1d7def5d7
Instruction ID: 940df5cba9c140d68bc31e2f32599fd8ecbe63d04207cba7afcfcb60fefea093
Opcode Fuzzy Hash: 9e88f2ea6454e9982e6064a5db93505491715ebffd6be62d760e37f1d7def5d7
Instruction Fuzzy Hash: 8341D379608612AFE311CF19E888F29BBE5FF44318F14C099E4168B7A2C776ED41CB90

Function 0095E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 009516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
Part of subcall function 009516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
Part of subcall function 009516C3: GetLastError.KERNEL32 ref: 0095174A

ExitWindowsEx.USER32(?,00000000), ref: 0095E932

Strings

, xrefs: 0095E920
, xrefs: 0095E95C
SeShutdownPrivilege, xrefs: 0095E902
@, xrefs: 0095E925

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 26ff96b12a1527abf315fee5e66cf4077b30b19c88da38c04762b59ffeda5875
Instruction ID: 2b342dd25b2dd48e2f9c14c7d09533f3a92f3aa47650ce9e26d941ae506b71f6
Opcode Fuzzy Hash: 26ff96b12a1527abf315fee5e66cf4077b30b19c88da38c04762b59ffeda5875
Instruction Fuzzy Hash: C3014E72A10210AFEB18A676BC96FBF725C9B04792F140822FC13E31D1D5765D4883A0

Function 00971204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00971276
WSAGetLastError.WSOCK32 ref: 00971283
bind.WSOCK32(00000000,?,00000010), ref: 009712BA
WSAGetLastError.WSOCK32 ref: 009712C5
closesocket.WSOCK32(00000000), ref: 009712F4
listen.WSOCK32(00000000,00000005), ref: 00971303
WSAGetLastError.WSOCK32 ref: 0097130D
closesocket.WSOCK32(00000000), ref: 0097133C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: dc1794fa6d6634ac82b1f126dd15ec9232e722a1da502a5d6ad7b182e12d8999
Instruction ID: 336097939b448e72541c3ed36e819cbe91598e1bb9cd0d9e8cab1157144fcf8b
Opcode Fuzzy Hash: dc1794fa6d6634ac82b1f126dd15ec9232e722a1da502a5d6ad7b182e12d8999
Instruction Fuzzy Hash: 60416E726001009FD710DF68C489B29BBE6BF86318F18C198E95A9F393C771ED85CBA1

Function 0092B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0092B9D4
_free.LIBCMT ref: 0092B9F8
_free.LIBCMT ref: 0092BB7F
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00993700), ref: 0092BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,009C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0092BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,009C1270,000000FF,?,0000003F,00000000,?), ref: 0092BC36
_free.LIBCMT ref: 0092BD4B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 8534e170290070ac14256d60830d05bfeed051703ad006d7a5a6c786890f6aeb
Instruction ID: f80d58cd60858001e99f695d2dbc2fd7b4cbddf4d6d45caaccefdfa684919875
Opcode Fuzzy Hash: 8534e170290070ac14256d60830d05bfeed051703ad006d7a5a6c786890f6aeb
Instruction Fuzzy Hash: C0C11775D04225AFCB24DF68EC41BAE7BFCEF86310F14419AE4A1D725AEB309E419750

Function 0095D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2

Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A

FindFirstFileW.KERNEL32(?,?), ref: 0095D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0095D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0095D481
FindClose.KERNEL32(00000000), ref: 0095D498
FindClose.KERNEL32(00000000), ref: 0095D4A1

Strings

\*.*, xrefs: 0095D3F2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: f5595496f540762cf84b7dad644713aa0b031582032b29c5b57a8554aa1baced
Instruction ID: 5bd45e3a1598ebe503289e7807bf0d98eea47d5236b67e79522dcc1c3aaffdc7
Opcode Fuzzy Hash: f5595496f540762cf84b7dad644713aa0b031582032b29c5b57a8554aa1baced
Instruction Fuzzy Hash: BA31AF7101D3459BC214EF69D8918BF77E8FE91311F404A2DF9E5822A1EB30EA0D9763

Function 0092E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0092E645

Strings

1#IND, xrefs: 0092F83D
1#SNAN, xrefs: 0092F844
1#QNAN, xrefs: 0092F84B
1#INF, xrefs: 0092F852

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 5e5faf73119dff7784ab59e590ec844b8de6bc93d3bcac59a69d399a9d228c16
Instruction ID: 868c6feaee80b8f2c31766aeb1fceabe6efa106db3b642ba4498f085652925ca
Opcode Fuzzy Hash: 5e5faf73119dff7784ab59e590ec844b8de6bc93d3bcac59a69d399a9d228c16
Instruction Fuzzy Hash: 52C23C71E086298FDB25CF28ED907EAB7B9EB44304F1545EAD44DE7244E778AE818F40

Function 0096648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 009664DC
CoInitialize.OLE32(00000000), ref: 00966639
CoCreateInstance.OLE32(0098FCF8,00000000,00000001,0098FB68,?), ref: 00966650
CoUninitialize.OLE32 ref: 009668D4

Strings

.lnk, xrefs: 009664BA, 00966524, 009665E0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 9ee589a2e0cc87a84dd86951e5a168e405787d17cd49f49509a62262777c7a91
Instruction ID: 3fe8a20e91935853fe1d973d7d3e81df6ad0b3da8e37f435857b488a59f49ae1
Opcode Fuzzy Hash: 9ee589a2e0cc87a84dd86951e5a168e405787d17cd49f49509a62262777c7a91
Instruction Fuzzy Hash: 60D13A715182059FD314EF28C881E6BB7E9FF94704F10496DF696CB291EB70EA05CB92

Function 009722DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 009722E8

Part of subcall function 0096E4EC: GetWindowRect.USER32(?,?), ref: 0096E504

GetDesktopWindow.USER32 ref: 00972312
GetWindowRect.USER32(00000000), ref: 00972319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00972355
GetCursorPos.USER32(?), ref: 00972381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009723DF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: bfb380b2ebd1d6900fc78cd8582aade57308447da99ef40c5cd30ae48973d3ac
Instruction ID: f5790f009bd55b23ef619c114e68321c9a9ec1e17888ef692f35b0f341402b4a
Opcode Fuzzy Hash: bfb380b2ebd1d6900fc78cd8582aade57308447da99ef40c5cd30ae48973d3ac
Instruction Fuzzy Hash: BE31D072518315AFDB20DF14D849F5BBBAAFFC4710F004919F98997291DB34EA08CBA2

Function 00969B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00969B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00969C8B

Part of subcall function 00963874: GetInputState.USER32 ref: 009638CB
Part of subcall function 00963874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00963966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00969BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00969C75

Strings

*.*, xrefs: 00969B5D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: eb57d333367335a7acab3c367c4bf83a97eab620aec06b45c2a35a65641c4131
Instruction ID: 8d491eaf8d2bec8d240108d90d0bbc12eadd5a9e6c0e52bd92f77fdfbe922b3c
Opcode Fuzzy Hash: eb57d333367335a7acab3c367c4bf83a97eab620aec06b45c2a35a65641c4131
Instruction Fuzzy Hash: 52416E7190420AAFCF14DF64C985AEEBBBCFF45350F244056F859A2291EB349E84CF61

Function 0090997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00909A4E
GetSysColor.USER32(0000000F), ref: 00909B23
SetBkColor.GDI32(?,00000000), ref: 00909B36

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: b8a6a1bebb6cf8b1bafe5c25c5749a68e9be391644d7d444ebbf2db440909af8
Instruction ID: 9eb35e4984983f99ae20a6f376fd0c126fa6684281ca4e8a9f230ccbf4eeccf0
Opcode Fuzzy Hash: b8a6a1bebb6cf8b1bafe5c25c5749a68e9be391644d7d444ebbf2db440909af8
Instruction Fuzzy Hash: FBA1247021D408BEE728AA7C8C98F7B7A9DDB86350F150609F412DA6D3CB299D01D376

Function 00971806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0097304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
Part of subcall function 0097304E: _wcslen.LIBCMT ref: 0097309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0097185D
WSAGetLastError.WSOCK32 ref: 00971884
bind.WSOCK32(00000000,?,00000010), ref: 009718DB
WSAGetLastError.WSOCK32 ref: 009718E6
closesocket.WSOCK32(00000000), ref: 00971915

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 48ec471a4ed3c9768b7c0992ca4c1b87706d39c754d7824e327ab1a88e16c7fb
Instruction ID: 84b4a0d9786602ee5a653b40506f8d2884cf6adcde6dec7557e7bdd85cabff2e
Opcode Fuzzy Hash: 48ec471a4ed3c9768b7c0992ca4c1b87706d39c754d7824e327ab1a88e16c7fb
Instruction Fuzzy Hash: 1D519475A002149FD710AF28C886F7A77E5EB84718F18C458FA099F3D3D775AD418BA2

Function 00981C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00981CC0
IsWindowEnabled.USER32 ref: 00981CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00981CDB
IsIconic.USER32 ref: 00981CE9
IsZoomed.USER32 ref: 00981CF7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: ad63bf496b566c718f5a27e1b2daa464064ab76675109d905e52d515ba534e65
Instruction ID: 1c827366d84d1d82be749d5e596fb6fc638087de8ffc0eac6b3766ce12b54b8d
Opcode Fuzzy Hash: ad63bf496b566c718f5a27e1b2daa464064ab76675109d905e52d515ba534e65
Instruction Fuzzy Hash: A121A3717442115FD720AF2AD844B6A7BADEF85314B198068E886CB351DB71EC43CBA0

Function 008F8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 008F83FA
VUUU, xrefs: 008F83E8
VUUU, xrefs: 00935DF0
ERCP, xrefs: 008F813C
VUUU, xrefs: 008F843C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 96f52c0e091d628152ec2d5f7894aac4b8d1a9362bf4fa2743d0689c23beb657
Instruction ID: 847d064847710e144724540bf7ed1f91e810d470f7a73e51aacd4618091a3840
Opcode Fuzzy Hash: 96f52c0e091d628152ec2d5f7894aac4b8d1a9362bf4fa2743d0689c23beb657
Instruction Fuzzy Hash: 30A24871A0061ECBDF248F68C8447BEB7B5FB54314F2581AAE915EB284EB749D81CF90

Function 0095AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0095AAAC
SetKeyboardState.USER32(00000080), ref: 0095AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0095AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0095AB88

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 094073df1d5026997cc92957bbb70cd9b036758386a5555f0df9d921732ec41b
Instruction ID: a8b1f80597e3407a64c78221016fdf25ba21d7eca767e07aa173508ce20c6a9c
Opcode Fuzzy Hash: 094073df1d5026997cc92957bbb70cd9b036758386a5555f0df9d921732ec41b
Instruction Fuzzy Hash: 48314C70A40208AEFF30CB66CC05BFA77AAAB44312F04431BF881521D0D3758989D7EA

Function 0096CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0096CE89
GetLastError.KERNEL32(?,00000000), ref: 0096CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 0096CEFE

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 11ba8927f34d920ec6459dee8a3d0e3315993b77bd70efe26751b92dab82fca4
Instruction ID: b6b8d36acf0b3a93024d083f75d301f765d2ca154821049efe398015d279adec
Opcode Fuzzy Hash: 11ba8927f34d920ec6459dee8a3d0e3315993b77bd70efe26751b92dab82fca4
Instruction Fuzzy Hash: C721EDB16043059BDB20CF65C948BA6B7FCEB40354F10481EF682D2151E735EE44DB60

Function 00958298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 009582AA

Strings

(, xrefs: 009582F0
|, xrefs: 009582DA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: e8ba1ffe6e4ba1e7feb7fc210f3826027a5bb9602501c4cb405e794f25f495b6
Instruction ID: 00eff583cede69069b5e8f30fd1c7435222ea6ba400b29a8b26e0e0491fdc01c
Opcode Fuzzy Hash: e8ba1ffe6e4ba1e7feb7fc210f3826027a5bb9602501c4cb405e794f25f495b6
Instruction Fuzzy Hash: 50322775A007059FCB28CF59C481A6AB7F0FF48710B15C56EE99AEB7A1EB70E941CB40

Function 00965C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00965CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00965D17
FindClose.KERNEL32(?), ref: 00965D5F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 859856669f8760711cad27847a0e58db4b2bba99c433a19e9f7c9b19fd4380a9
Instruction ID: 81ed35c0834d22a02ad5b4b30a65b7672a4fa6f54b3f6b4c5d63495ce371db26
Opcode Fuzzy Hash: 859856669f8760711cad27847a0e58db4b2bba99c433a19e9f7c9b19fd4380a9
Instruction Fuzzy Hash: 3A51AA74604A019FC714CF28C494A9AB7E8FF49324F15855EE9AA8B3E2CB30ED44CB91

Function 00922622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0092271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00922724
UnhandledExceptionFilter.KERNEL32(?), ref: 00922731

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ae5e4de3ee4d39fec42205363313bc94577656b8ecdd822aa47ff20018097d33
Instruction ID: 44275d2f92685ad53e244d19dcf39c5c9186b53a8d98f2a6bea4994dfa5b0eef
Opcode Fuzzy Hash: ae5e4de3ee4d39fec42205363313bc94577656b8ecdd822aa47ff20018097d33
Instruction Fuzzy Hash: 6E31D37491122CABCB21DF68DD897DDBBB8AF48310F5041EAE81CA7260E7709F858F44

Function 009651CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 009651DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00965238
SetErrorMode.KERNEL32(00000000), ref: 009652A1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 8d03a0b44124cf21a5cd8372f7f31fb91323c72c7c0523d5087697016c7d77ce
Instruction ID: 27a1e3f89229b99d0d3e4695c2159dfe4e86cb0c3290b98f3838dd02b9dd86ab
Opcode Fuzzy Hash: 8d03a0b44124cf21a5cd8372f7f31fb91323c72c7c0523d5087697016c7d77ce
Instruction Fuzzy Hash: DC318E75A10508DFDB00DF64D8C8EADBBB4FF48314F058099E905AB3A2CB31E846CBA1

Function 009516C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 0090FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00910668
Part of subcall function 0090FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00910685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0095170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0095173A
GetLastError.KERNEL32 ref: 0095174A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 40b349fe04ab4c88d0e986fcac7e87d0273a7d7ccd91a3595a1bb58bc8da7b01
Instruction ID: 89555e122a54efb0eef16c4a8eb74afd0f3d6e0a451ea9e7dad083db02c5062a
Opcode Fuzzy Hash: 40b349fe04ab4c88d0e986fcac7e87d0273a7d7ccd91a3595a1bb58bc8da7b01
Instruction Fuzzy Hash: 46110EB2414305AFD728EF64EC86E6BB7BDEB48711B20842EE45653681EB70BC418B20

Function 0095D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0095D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0095D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0095D650

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 8fd2d5f751f86b19aaf6fbf5e6c920367e34f25d07ee16799a2d8e32cda3b0f1
Instruction ID: 741461ce194f9cb752bdd1ce3ef9fc057511f5505ce77b88133538a4ca0819ed
Opcode Fuzzy Hash: 8fd2d5f751f86b19aaf6fbf5e6c920367e34f25d07ee16799a2d8e32cda3b0f1
Instruction Fuzzy Hash: AA115EB5E06228BFDB20CF95EC45FAFBBBCEB45B50F108116F914E7290D6704A059BA1

Function 00951663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0095168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009516A1
FreeSid.ADVAPI32(?), ref: 009516B1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 5fc17813a298a43b42234c7bc5e4fae716e2d69badc1a03a303be379220b5813
Instruction ID: 6aae4d2fbe2d0858845ee565b5e7d4fe88add538654ef5f5ac543361e551a88a
Opcode Fuzzy Hash: 5fc17813a298a43b42234c7bc5e4fae716e2d69badc1a03a303be379220b5813
Instruction Fuzzy Hash: 49F0F4B5950309FBDF00DFE49C89EAEBBBCEB08645F504565E901E2281E774AA449B60

Function 0092C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

/, xrefs: 0092C36C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 3a255462ea47a9887c09bed528b440ac4965edf0325be543d9ad9f2851f14d75
Instruction ID: d3adac4f0da00b383a5a54fbe21b35af2e35e187e421d11e4c56c590ebdd72c4
Opcode Fuzzy Hash: 3a255462ea47a9887c09bed528b440ac4965edf0325be543d9ad9f2851f14d75
Instruction Fuzzy Hash: 7F4126B2900229ABCB20EFB9EC49EAF77BCEB84754F104669F915D7184E6709D818B50

Function 0094D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0094D28C

Strings

X64, xrefs: 0094D2A8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: fba770683d475b33ce852882235711d9ed41a0425dacaaa106cde870235da716
Instruction ID: e49b2e2fc95f0108da0bba2a9f7b0de48d8d583180f3652090f31a2cdd12627a
Opcode Fuzzy Hash: fba770683d475b33ce852882235711d9ed41a0425dacaaa106cde870235da716
Instruction Fuzzy Hash: 44D0C9B481611DEFCF90CB90DC88DD9B37CBB04345F100651F106A2140D77495489F20

Function 0091CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 46d92e5ff2ef39d8ada638918b1bc2e677afa31f919a246d1104b74f04d48780
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: D2021CB1F402199BDF14CFA9D8806EDBBF5EF88314F25856AD819E7380D731AE418B94

Function 009668EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00966918
FindClose.KERNEL32(00000000), ref: 00966961

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 37ff40f5599b694761061611811cc2a2b57ebd489d82289a9c623d2ab82e7a66
Instruction ID: 2f11ee7732d5ac1d529a973d8ce0d99334af9798b6e76aa9392adfef035562ef
Opcode Fuzzy Hash: 37ff40f5599b694761061611811cc2a2b57ebd489d82289a9c623d2ab82e7a66
Instruction Fuzzy Hash: 8611D0716042059FD710CF29C484A26BBE4FF88328F04C699E8698F3A2CB30EC05CB91

Function 009637B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00974891,?,?,00000035,?), ref: 009637E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00974891,?,?,00000035,?), ref: 009637F4

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: ce0703560f01e1ff6bd595fb5c4936fdff5528f3a987fc53005f5c03ae6e97c2
Instruction ID: 0124879bfad4f7c83cdc8b985e1f5f8f1c7d63dd824e57732d2ac8f1e8880801
Opcode Fuzzy Hash: ce0703560f01e1ff6bd595fb5c4936fdff5528f3a987fc53005f5c03ae6e97c2
Instruction Fuzzy Hash: A2F0E5B06042292AE72017769C4DFEB3AAEEFC4761F000165F509E2291DA709904C7B0

Function 0095B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0095B25D
keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0095B270

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: d94bc5db8fd874173c69f9a45cb49f265b5d6169b7eb79119b2ca68cadc4f53d
Instruction ID: 5042e92ca8813b6e3f46f0c752f5c74a3a59ac08fa743b862107d1d0f34bd75e
Opcode Fuzzy Hash: d94bc5db8fd874173c69f9a45cb49f265b5d6169b7eb79119b2ca68cadc4f53d
Instruction Fuzzy Hash: 4BF01D7181424DABDF05DFA1D805BAE7BB4FF04305F008409F965A5291C77996159FA4

Function 009510BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009511FC), ref: 009510D4
CloseHandle.KERNEL32(?,?,009511FC), ref: 009510E9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 1060e1daef7133c096554a558790756a8a839043a8c167afae9b38a74a4ab4ad
Instruction ID: c2317a1fe5ce38326530ffccfe762d644f34c36292e0bbf385811423937ee2b8
Opcode Fuzzy Hash: 1060e1daef7133c096554a558790756a8a839043a8c167afae9b38a74a4ab4ad
Instruction Fuzzy Hash: 50E0BF72018611AEE7256B61FC05F7777ADEB04311F24892EF5A5805F1DB72AC90EB60

Function 008FCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00940C40

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: c98bcb922c7ec9e1cfd6125ef8a9785266ab7b7c0b34c4dc6fd5fe8ccca0b619
Instruction ID: b96f0e5358050f655582086092d92ebbf55e86ae82664803d6a1289133900ad7
Opcode Fuzzy Hash: c98bcb922c7ec9e1cfd6125ef8a9785266ab7b7c0b34c4dc6fd5fe8ccca0b619
Instruction Fuzzy Hash: 4A326A7090021DDBCF14DFA4CA85AFDB7B9FF44308F144059EA06AB292DB75AE45CB61

Function 0092676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00926766,?,?,00000008,?,?,0092FEFE,00000000), ref: 00926998

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: dc82c654b443c68821c72469299be52b0e1b8caa43798e1c3eb4aa5ef93e7d8c
Instruction ID: 0b175aa6505b181df4175977cb56a60c48693e69716aba49b6264b3c883e9e62
Opcode Fuzzy Hash: dc82c654b443c68821c72469299be52b0e1b8caa43798e1c3eb4aa5ef93e7d8c
Instruction Fuzzy Hash: 52B17A35610618CFD719CF28D48AB647BE0FF45364F298698E8DACF6A6C735E981CB40

Function 0090B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 0094851F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: f298ab42f9ec758cd745dc14c6b6e917fc64786c40603f7db6f2a4f4319f19b1
Instruction ID: 9ca2338a55c44f33df4b01ac516d4bdb322bd63c812da467a6275634fcc2bdee
Opcode Fuzzy Hash: f298ab42f9ec758cd745dc14c6b6e917fc64786c40603f7db6f2a4f4319f19b1
Instruction Fuzzy Hash: 7F1230759002299FDB14DF58C881BEEB7F9FF48710F14819AE849EB295DB349E81CB90

Function 0096EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0096EABD

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 11178d9c44ef92d61c69ec16fc32a739566a20fa6b494462aa4fba8c0d7607ad
Instruction ID: 0c8d9acf23238a8bd69b17a7c324dd6aa8c02e8d06e34ea1ca2e114f213f8e11
Opcode Fuzzy Hash: 11178d9c44ef92d61c69ec16fc32a739566a20fa6b494462aa4fba8c0d7607ad
Instruction Fuzzy Hash: 56E01A392102099FC710EFA9D844E9AF7E9FF98760F008426FD49C7351DAB4E8408BA1

Function 009109D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,009103EE), ref: 009109DA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: d7558226439822dee4631abfe70ac8ceaeeba22f1ae26e319de3255458c01f38
Instruction ID: 7b21ec81cc9ced11dee26ddcc90b7a204efcca0db5b80210d835456214ca830e
Opcode Fuzzy Hash: d7558226439822dee4631abfe70ac8ceaeeba22f1ae26e319de3255458c01f38
Instruction Fuzzy Hash:

Function 0091781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 0091798B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: da2afe27cdbebb53ef2b4e0ff906352318bb9f59fc16d3000f62d9beabc96657
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: A351386170C64F67DB3885E889997FFE3BD9B42340F180989E882D7282C615DECAD356

Function 00926DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 611b677661a5e3d8c00d8ede76bdbaea1939761ac964e5d03cc5cddb6ff73b15
Instruction ID: 0cd8b9b52a6832acceebbdc2087aab6bb7d27a418243c26f9f5fca085228d09a
Opcode Fuzzy Hash: 611b677661a5e3d8c00d8ede76bdbaea1939761ac964e5d03cc5cddb6ff73b15
Instruction Fuzzy Hash: 3D321122D3DF114DD7239638E862336A24DAFB73C5F25D727F81AB59A9EB29C4835100

Function 0090CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 108f738f5953af6da507178d57834019629869f702c724cc40f87a07883d8479
Instruction ID: 6504da76c743b731d16cc2b499585c5b7adf23ca6495ae67a84ae58d3cc5b7e9
Opcode Fuzzy Hash: 108f738f5953af6da507178d57834019629869f702c724cc40f87a07883d8479
Instruction Fuzzy Hash: 4F3247B1A051258FDF68CF28C4D0E7D77A9EB45315F298A2AD48ADB2D2E334DD81DB00

Function 008F7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0533169006f746317d869f525550fcc5a0e598acefc7829f15096422a69eec7
Instruction ID: ae2d3865770f3cb038364eb1eee52f1341a0f656e5b00fdaac942a6e684037e1
Opcode Fuzzy Hash: e0533169006f746317d869f525550fcc5a0e598acefc7829f15096422a69eec7
Instruction Fuzzy Hash: 1F229F70A0460ADFDF14CF64C881ABEB7B6FF48314F214629E816E7291EB36AD51CB51

Function 008F91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2bf609cac523614b74f0d5e98eba72c24020aba8f5c7d6aa26d53562cd4dd4
Instruction ID: 62f0ac0ad56eb614ffef409c688feda90edb4224b8d63de66dd433da4f308fff
Opcode Fuzzy Hash: 8b2bf609cac523614b74f0d5e98eba72c24020aba8f5c7d6aa26d53562cd4dd4
Instruction Fuzzy Hash: 8B02A2B1A0020AEBDB14DF64D881BAEB7B5FF44300F118169E956DB2D1EB31AE51CF91

Function 00929EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe87959655556f31d3102427c59608cc97bf9a5bc7a95d4da5b6af716034489f
Instruction ID: 889353caef9a45fdf7f9bf0370fe0f6bf59cb46a5c24348559c8f95d128404c9
Opcode Fuzzy Hash: fe87959655556f31d3102427c59608cc97bf9a5bc7a95d4da5b6af716034489f
Instruction Fuzzy Hash: 61B11221D7AF514DD3239A398832336B65CAFBB6D5F91D31BFC2674D22EB2286835140

Function 00917A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74378dfb70bf8ef55bd4198ae63e0a6f46f3330c2714442ccb8bbaea09d7c331
Instruction ID: de48c66e439c4170500785f6eaaf54fc392a83a4b5660400e7ad673fa4ec071b
Opcode Fuzzy Hash: 74378dfb70bf8ef55bd4198ae63e0a6f46f3330c2714442ccb8bbaea09d7c331
Instruction Fuzzy Hash: 2261346178C70F56DA349AE88995BFFE3BCDF81700F24091AE883DB281DB159EC28355

Function 00917CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d39fe64e695102433f802d8a214c411bf84b6520ae98d2a5a730315703e6887
Instruction ID: 13a9e5b25b3afdbd80419ce0d47deff7f20e53b705ac32ecc186d57ee05b04c2
Opcode Fuzzy Hash: 4d39fe64e695102433f802d8a214c411bf84b6520ae98d2a5a730315703e6887
Instruction Fuzzy Hash: E461566970C60F66DA384AE86855BFFE3FC9F82704F100D59E843CB2D1DA16ADC2D255

Function 00962046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02df4d4e4893946398ac2e17f6089b56f880093767a94cfd7453881d209b828
Instruction ID: ed2ff82570823406f1c30a211f2fa58795b41a7f896338e50fc6cc123bceb7a8
Opcode Fuzzy Hash: f02df4d4e4893946398ac2e17f6089b56f880093767a94cfd7453881d209b828
Instruction Fuzzy Hash: 8321EC327206158BD728CF79C92367E73E9A794310F25862EE4A7C37D0DE39A904DB90

Function 00972ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00972B30
DeleteObject.GDI32(00000000), ref: 00972B43
DestroyWindow.USER32 ref: 00972B52
GetDesktopWindow.USER32 ref: 00972B6D
GetWindowRect.USER32(00000000), ref: 00972B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00972CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00972CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972CF8
GetClientRect.USER32(00000000,?), ref: 00972D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00972D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D80
GlobalLock.KERNEL32(00000000), ref: 00972D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972D98
GlobalUnlock.KERNEL32(00000000), ref: 00972DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972DA8
GlobalFree.KERNEL32(00000000), ref: 00972DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0098FC38,00000000), ref: 00972DDB
GlobalFree.KERNEL32(00000000), ref: 00972DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00972E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00972E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00972E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0097303F

Strings

AutoIt v3, xrefs: 00972CF2
, xrefs: 00972FC5
DISPLAY, xrefs: 00972EA2
static, xrefs: 00972D3A, 00972E91

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 10f555a8f90940684b6dacec04aba7f9a9b383c2335a7d98bfef787aba7e5146
Instruction ID: 5c9503a78b824d630881059f56cf0e349ebd93bca24674888e82c41d941fd0fc
Opcode Fuzzy Hash: 10f555a8f90940684b6dacec04aba7f9a9b383c2335a7d98bfef787aba7e5146
Instruction Fuzzy Hash: F7029CB2910209AFDB14DF64CC89EAE7BB9FF49314F048159F919AB2A1D774ED00DB60

Function 009870D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0098712F
GetSysColorBrush.USER32(0000000F), ref: 00987160
GetSysColor.USER32(0000000F), ref: 0098716C
SetBkColor.GDI32(?,000000FF), ref: 00987186
SelectObject.GDI32(?,?), ref: 00987195
InflateRect.USER32(?,000000FF,000000FF), ref: 009871C0
GetSysColor.USER32(00000010), ref: 009871C8
CreateSolidBrush.GDI32(00000000), ref: 009871CF
FrameRect.USER32(?,?,00000000), ref: 009871DE
DeleteObject.GDI32(00000000), ref: 009871E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00987230
FillRect.USER32(?,?,?), ref: 00987262
GetWindowLongW.USER32(?,000000F0), ref: 00987284

Part of subcall function 009873E8: GetSysColor.USER32(00000012), ref: 00987421
Part of subcall function 009873E8: SetTextColor.GDI32(?,?), ref: 00987425
Part of subcall function 009873E8: GetSysColorBrush.USER32(0000000F), ref: 0098743B
Part of subcall function 009873E8: GetSysColor.USER32(0000000F), ref: 00987446
Part of subcall function 009873E8: GetSysColor.USER32(00000011), ref: 00987463
Part of subcall function 009873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00987471
Part of subcall function 009873E8: SelectObject.GDI32(?,00000000), ref: 00987482
Part of subcall function 009873E8: SetBkColor.GDI32(?,00000000), ref: 0098748B
Part of subcall function 009873E8: SelectObject.GDI32(?,?), ref: 00987498
Part of subcall function 009873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009874B7
Part of subcall function 009873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009874CE
Part of subcall function 009873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009874DB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: c77ad8a9ad99cafbc925b0b77b5a941a3057120bcc5531f12a732fc40a51261b
Instruction ID: 3f0adc9b696bedbbb3306922501e6b0e02e0fce4515e31d162c9ca5ed9a7a555
Opcode Fuzzy Hash: c77ad8a9ad99cafbc925b0b77b5a941a3057120bcc5531f12a732fc40a51261b
Instruction Fuzzy Hash: B3A194B201C301BFDB10AF64DC48E5BBBA9FF49321F100A19F562962E1D775D944DB61

Function 00972711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0097273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0097286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009728A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009728B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00972900
GetClientRect.USER32(00000000,?), ref: 0097290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00972955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00972964
GetStockObject.GDI32(00000011), ref: 00972974
SelectObject.GDI32(00000000,00000000), ref: 00972978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00972988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00972991
DeleteDC.GDI32(00000000), ref: 0097299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009729C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 009729DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00972A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00972A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00972A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00972A77
GetStockObject.GDI32(00000011), ref: 00972A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00972A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00972A97

Strings

AutoIt v3, xrefs: 009728F8
static, xrefs: 0097294F, 00972A71
DISPLAY, xrefs: 0097295A
msctls_progress32, xrefs: 00972A13

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 111626495e5170a6ef901c547381e127ae92398abf0dd2121448fd3ae645f188
Instruction ID: 4e09b3cabe886acce8ab8d88a3c4f731a2b844004795c36ce44aee036334973a
Opcode Fuzzy Hash: 111626495e5170a6ef901c547381e127ae92398abf0dd2121448fd3ae645f188
Instruction Fuzzy Hash: 49B15DB1A10209AFEB14DF68CD89FAE7BA9FB48714F008114FA15E7291D774ED40CBA4

Function 00964ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00964AED
GetDriveTypeW.KERNEL32(?,0098CB68,?,\\.\,0098CC08), ref: 00964BCA
SetErrorMode.KERNEL32(00000000,0098CB68,?,\\.\,0098CC08), ref: 00964D36

Strings

Unknown, xrefs: 00964BED, 00964C83
PhysicalDrive, xrefs: 00964B76
MMC, xrefs: 00964CDE
SATA, xrefs: 00964CD0
Removable, xrefs: 00964C10, 00964C15
RAID, xrefs: 00964CBB
\\.\, xrefs: 00964B3F
Fibre, xrefs: 00964CAD
RAMDisk, xrefs: 00964BF4
ATAPI, xrefs: 00964C91
FileBackedVirtual, xrefs: 00964CEC
1394, xrefs: 00964C9F
CDROM, xrefs: 00964BFB
Fixed, xrefs: 00964C09
SAS, xrefs: 00964CC9
USB, xrefs: 00964CB4
SSA, xrefs: 00964CA6
ATA, xrefs: 00964C98
Network, xrefs: 00964C02
SCSI, xrefs: 00964C8A
iSCSI, xrefs: 00964CC2
Virtual, xrefs: 00964CE5
SSD, xrefs: 00964C4A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: d83d787d9953eed367a02fb5d0abb41353040e7ae26cc58fec98fbc1dfe82701
Instruction ID: 262c5702510c735129a318bb0ee381e7b5fc3a2fb85b7027a027fd7ae15e6651
Opcode Fuzzy Hash: d83d787d9953eed367a02fb5d0abb41353040e7ae26cc58fec98fbc1dfe82701
Instruction Fuzzy Hash: 1061C17060520A9BCB14DFA8CA819FD7BA4EF84354B248815F886EB391DB3DFD41DB42

Function 009873E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00987421
SetTextColor.GDI32(?,?), ref: 00987425
GetSysColorBrush.USER32(0000000F), ref: 0098743B
GetSysColor.USER32(0000000F), ref: 00987446
CreateSolidBrush.GDI32(?), ref: 0098744B
GetSysColor.USER32(00000011), ref: 00987463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00987471
SelectObject.GDI32(?,00000000), ref: 00987482
SetBkColor.GDI32(?,00000000), ref: 0098748B
SelectObject.GDI32(?,?), ref: 00987498
InflateRect.USER32(?,000000FF,000000FF), ref: 009874B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009874CE
GetWindowLongW.USER32(00000000,000000F0), ref: 009874DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0098752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00987554
InflateRect.USER32(?,000000FD,000000FD), ref: 00987572
DrawFocusRect.USER32(?,?), ref: 0098757D
GetSysColor.USER32(00000011), ref: 0098758E
SetTextColor.GDI32(?,00000000), ref: 00987596
DrawTextW.USER32(?,009870F5,000000FF,?,00000000), ref: 009875A8
SelectObject.GDI32(?,?), ref: 009875BF
DeleteObject.GDI32(?), ref: 009875CA
SelectObject.GDI32(?,?), ref: 009875D0
DeleteObject.GDI32(?), ref: 009875D5
SetTextColor.GDI32(?,?), ref: 009875DB
SetBkColor.GDI32(?,?), ref: 009875E5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: f5569425684903318056133b962782d8e43a3cb4dc6faa16c88055df6223c071
Instruction ID: 796a8b022f38367a0cc6ca001491df87c982fd7d466de832e6948735d40bb511
Opcode Fuzzy Hash: f5569425684903318056133b962782d8e43a3cb4dc6faa16c88055df6223c071
Instruction Fuzzy Hash: 5E6160B2918218AFDF019FA4DC49EAEBF79EB08320F214515F915AB3A1D7749940DBA0

Function 00980FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00981128
GetDesktopWindow.USER32 ref: 0098113D
GetWindowRect.USER32(00000000), ref: 00981144
GetWindowLongW.USER32(?,000000F0), ref: 00981199
DestroyWindow.USER32(?), ref: 009811B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009811ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0098120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0098121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00981232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00981245
IsWindowVisible.USER32(00000000), ref: 009812A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009812BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009812D0
GetWindowRect.USER32(00000000,?), ref: 009812E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0098130E
GetMonitorInfoW.USER32(00000000,?), ref: 00981328
CopyRect.USER32(?,?), ref: 0098133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 009813AA

Strings

0, xrefs: 009810D3
tooltips_class32, xrefs: 009811E6
(, xrefs: 0098131B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 7011e84b178aca6f3a81ca61a12fc667e26306e359452a400132d492032ef4de
Instruction ID: 6921796367a537bbd73057eecfe909520fc55d274a8417f892d10e904293bc95
Opcode Fuzzy Hash: 7011e84b178aca6f3a81ca61a12fc667e26306e359452a400132d492032ef4de
Instruction Fuzzy Hash: 10B17071608341AFD714DF68C884B6ABBE8FF88350F00891DF9999B361D771E845CBA2

Function 00980241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 009802E5
_wcslen.LIBCMT ref: 0098031F
_wcslen.LIBCMT ref: 00980389
_wcslen.LIBCMT ref: 009803F1
_wcslen.LIBCMT ref: 00980475
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009804C5
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00980504

Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD

Part of subcall function 0095223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00952258
Part of subcall function 0095223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0095228A

Strings

GETITEMCOUNT, xrefs: 00980316, 00980337
DESELECT, xrefs: 0098059C
SELECTINVERT, xrefs: 0098057E
GETSUBITEMCOUNT, xrefs: 00980384, 0098039F
GETSELECTED, xrefs: 009805E1
SELECTALL, xrefs: 00980515
SELECTCLEAR, xrefs: 0098052D
GETTEXT, xrefs: 009803EC, 00980407
VIEWCHANGE, xrefs: 00980675
SELECT, xrefs: 00980548
FINDITEM, xrefs: 00980627
ISSELECTED, xrefs: 009804DD
GETSELECTEDCOUNT, xrefs: 00980470, 0098048B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: ac7d7684198a17277e20cafad83734108715cf7e196cc509da6cb5d8b64b607f
Instruction ID: f8cdc6beef4ae05130d5b791e5c62378386c69b6c05702e4789f16edf58c02ce
Opcode Fuzzy Hash: ac7d7684198a17277e20cafad83734108715cf7e196cc509da6cb5d8b64b607f
Instruction Fuzzy Hash: 68E19B312082018FC764EF28C55197AB7E6FFC8714B144A6DF8969B3A1EB34ED49CB52

Function 00908891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00908968
GetSystemMetrics.USER32(00000007), ref: 00908970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0090899B
GetSystemMetrics.USER32(00000008), ref: 009089A3
GetSystemMetrics.USER32(00000004), ref: 009089C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009089E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009089F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00908A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00908A3C
GetClientRect.USER32(00000000,000000FF), ref: 00908A5A
GetStockObject.GDI32(00000011), ref: 00908A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00908A81

Part of subcall function 0090912D: GetCursorPos.USER32(?), ref: 00909141
Part of subcall function 0090912D: ScreenToClient.USER32(00000000,?), ref: 0090915E
Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000001), ref: 00909183
Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000002), ref: 0090919D

SetTimer.USER32(00000000,00000000,00000028,009090FC), ref: 00908AA8

Strings

AutoIt v3 GUI, xrefs: 00908A20

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 14108ad2d1ee3ba21aea264cd9f39f77fde968b46b44f5d295f68bcbae9cbab8
Instruction ID: f69f1c145630e0aa379951642de7ef0f915dbca2a4a4937090a5494c8ba4db48
Opcode Fuzzy Hash: 14108ad2d1ee3ba21aea264cd9f39f77fde968b46b44f5d295f68bcbae9cbab8
Instruction Fuzzy Hash: 5CB158B1A0420AAFDF14DFA8DC55FAA3BB5FB49314F104229FA15A72D0DB34E840DB65

Function 00950D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
Part of subcall function 009510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
Part of subcall function 009510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
Part of subcall function 009510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
Part of subcall function 009510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00950DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00950E29
GetLengthSid.ADVAPI32(?), ref: 00950E40
GetAce.ADVAPI32(?,00000000,?), ref: 00950E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00950E96
GetLengthSid.ADVAPI32(?), ref: 00950EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00950EB5
HeapAlloc.KERNEL32(00000000), ref: 00950EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00950EDD
CopySid.ADVAPI32(00000000), ref: 00950EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00950F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00950F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00950F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F6E
HeapFree.KERNEL32(00000000), ref: 00950F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F7E
HeapFree.KERNEL32(00000000), ref: 00950F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00950F8E
HeapFree.KERNEL32(00000000), ref: 00950F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00950FA1
HeapFree.KERNEL32(00000000), ref: 00950FA8

Part of subcall function 00951193: GetProcessHeap.KERNEL32(00000008,00950BB1,?,00000000,?,00950BB1,?), ref: 009511A1
Part of subcall function 00951193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00950BB1,?), ref: 009511A8
Part of subcall function 00951193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00950BB1,?), ref: 009511B7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: a2e6a4249d1b9b5ba76972e0032776b952e069da5ce18a9305c7c744843ec6be
Instruction ID: 3e4e3351e165f7619d4979ee456111e0c6ef2cc5932055ae363ecbfa7001911b
Opcode Fuzzy Hash: a2e6a4249d1b9b5ba76972e0032776b952e069da5ce18a9305c7c744843ec6be
Instruction Fuzzy Hash: 8B715AB290420AABDF20DFA5DC49FAEBBBCBF44742F144115FD19A6291D7319A09CB70

Function 0097C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0098CC08,00000000,?,00000000,?,?), ref: 0097C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0097C5A4
_wcslen.LIBCMT ref: 0097C5F4
_wcslen.LIBCMT ref: 0097C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0097C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0097C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0097C84D
RegCloseKey.ADVAPI32(?), ref: 0097C881
RegCloseKey.ADVAPI32(00000000), ref: 0097C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0097C960

Strings

REG_BINARY, xrefs: 0097C913
REG_EXPAND_SZ, xrefs: 0097C5CD
REG_SZ, xrefs: 0097C644
REG_DWORD, xrefs: 0097C804
REG_QWORD, xrefs: 0097C8C3
REG_MULTI_SZ, xrefs: 0097C6F5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 2c7351b7997bd25e0ba1a34e1cbd93e84ed7031b59f4d9279e4ca6f541c9cfd6
Instruction ID: 5debf7d666aa3b01c979d5e75a300d40d30f2c2c1b512646fdfd8edf08513d86
Opcode Fuzzy Hash: 2c7351b7997bd25e0ba1a34e1cbd93e84ed7031b59f4d9279e4ca6f541c9cfd6
Instruction Fuzzy Hash: 13126A756042059FDB14DF28C881B6AB7E5FF88714F14885CF98A9B3A2DB31ED45CB82

Function 0098091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 009809C6
_wcslen.LIBCMT ref: 00980A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00980A54
_wcslen.LIBCMT ref: 00980A8A
_wcslen.LIBCMT ref: 00980B06
_wcslen.LIBCMT ref: 00980B81

Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD

Part of subcall function 00952BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00952BFA

Strings

GETITEMCOUNT, xrefs: 00980C1E
CHECK, xrefs: 00980A85, 00980AA0
ISCHECKED, xrefs: 00980CE1
COLLAPSE, xrefs: 00980B01, 00980B1C
UNCHECK, xrefs: 00980D3E
EXISTS, xrefs: 00980B7C, 00980B97
EXPAND, xrefs: 00980BF8
GETTEXT, xrefs: 00980C97
SELECT, xrefs: 00980D11
GETSELECTED, xrefs: 00980C4E
GETTOTALCOUNT, xrefs: 009809F2, 00980A17

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 85f5d7d60bdf7ce33ee9a13139c0d538a6a19fcb1607191ced81523e0242abdd
Instruction ID: a63a0ef0f6b89d85fae8700d57049a31607023b76beba83db80bb3f5ed61a4ff
Opcode Fuzzy Hash: 85f5d7d60bdf7ce33ee9a13139c0d538a6a19fcb1607191ced81523e0242abdd
Instruction Fuzzy Hash: C0E19B312087018FCB54EF29C45096AB7E5FFD8354B14895DF8969B3A2DB31EE49CB82

Function 0097C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
_wcslen.LIBCMT ref: 0097C9F1
_wcslen.LIBCMT ref: 0097CA68
_wcslen.LIBCMT ref: 0097CA9E
_wcslen.LIBCMT ref: 0097CAF9
_wcslen.LIBCMT ref: 0097CB2F
_wcslen.LIBCMT ref: 0097CB7F

Strings

HKEY_CURRENT_CONFIG, xrefs: 0097CB79, 0097CB7E
HKEY_CLASSES_ROOT, xrefs: 0097CAF3, 0097CAF8
HKEY_CURRENT_USER, xrefs: 0097CBBD
HKEY_USERS, xrefs: 0097CBDF
HKU, xrefs: 0097CBF0
HKCU, xrefs: 0097CBCE
HKEY_LOCAL_MACHINE, xrefs: 0097CA62, 0097CA67
HKLM, xrefs: 0097CA98, 0097CA9D
HKCR, xrefs: 0097CB29, 0097CB2E
HKCC, xrefs: 0097CBAC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 6c4fe451a9ebb54fe3746c1d9727756fc94fe1d7d5b44a0994b8280200f8053a
Instruction ID: eed677540bd6f3944d282e57d6d46fcefc1c04657b5b57ef2b3062cf9e1df7f2
Opcode Fuzzy Hash: 6c4fe451a9ebb54fe3746c1d9727756fc94fe1d7d5b44a0994b8280200f8053a
Instruction Fuzzy Hash: 9C71F9B360052A8BCB24DE7CCD516FE3399AFA4764B25852CF85D97284EA35CD45C3A0

Function 0098833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0098835A
_wcslen.LIBCMT ref: 0098836E
_wcslen.LIBCMT ref: 00988391
_wcslen.LIBCMT ref: 009883B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009883F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00985BF2), ref: 0098844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00988487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009884CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00988501
FreeLibrary.KERNEL32(?), ref: 0098850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0098851D
DestroyIcon.USER32(?,?,?,?,?,00985BF2), ref: 0098852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00988549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00988555

Strings

.exe, xrefs: 00988388
.dll, xrefs: 009883AB
.icl, xrefs: 00988368

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 769b15adc53428561c71c2f83b9ec1eb39d297d1023129845a3022c59fce3b4e
Instruction ID: 95e27921acb0033e8590c5d9f7c6dc08d01fc56b12858e5e6bb457e767439933
Opcode Fuzzy Hash: 769b15adc53428561c71c2f83b9ec1eb39d297d1023129845a3022c59fce3b4e
Instruction Fuzzy Hash: AA61DE72604209BAEB14EF64CC81BBF77ACBF48B21F504609F815D62E1DB74A980D7B0

Function 008F7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#OnAutoItStartRegister, xrefs: 008F7817
#comments-start, xrefs: 008F785F, 008F78B1
#pragma compile, xrefs: 008F77D3
', xrefs: 00935169
#cs, xrefs: 008F7873, 008F78C5
#requireadmin, xrefs: 008F77FF
Cannot parse #include, xrefs: 00935279
#comments-end, xrefs: 008F78D9
Unterminated group of comments, xrefs: 0093528C
", xrefs: 00935153
#ce, xrefs: 008F78ED
Bad directive syntax error, xrefs: 0093519A
#include, xrefs: 008F7847
#notrayicon, xrefs: 008F77E7
#include-once, xrefs: 008F782F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: c969bab5ff4cea162932f879443c555bfa8826a1ccce04711cdf444e8f1a4d09
Instruction ID: 0104eec3f4e1d0d4159d76244672175680d5267f33b70f50db5733092811571d
Opcode Fuzzy Hash: c969bab5ff4cea162932f879443c555bfa8826a1ccce04711cdf444e8f1a4d09
Instruction Fuzzy Hash: 4281B471614209AAEB20BF74CC42FBB37A9FF95344F054024FA05EA196EB70DA51D7A1

Function 00963E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00963EF8
_wcslen.LIBCMT ref: 00963F03
_wcslen.LIBCMT ref: 00963F5A
_wcslen.LIBCMT ref: 00963F98
GetDriveTypeW.KERNEL32(?), ref: 00963FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0096401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00964059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00964087

Strings

type cdaudio alias cd wait, xrefs: 00964001
set cd door , xrefs: 00964028
open, xrefs: 00963F54, 00963F59
closed, xrefs: 00963F08, 00963F2D, 00963F46, 00963F7E, 00963F97
close, xrefs: 00963EFE, 00963F18
close cd wait, xrefs: 00964072
wait, xrefs: 00964044
open , xrefs: 00963FE5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: d2e7dd523e41a5715a78f681bd0f448a6ac712c8e0c265992bf7d7503c69625c
Instruction ID: 5f86402c5b65fde04ea1d0c7a4f676bdf8eeeaadffd26db461c97e5b7a662bce
Opcode Fuzzy Hash: d2e7dd523e41a5715a78f681bd0f448a6ac712c8e0c265992bf7d7503c69625c
Instruction Fuzzy Hash: 3771AD726042169FC310DF38C8809AAB7E8FF94768F10892DFA95D7251EB35EE45CB52

Function 00955A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00955A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00955A40
SetWindowTextW.USER32(?,?), ref: 00955A57
GetDlgItem.USER32(?,000003EA), ref: 00955A6C
SetWindowTextW.USER32(00000000,?), ref: 00955A72
GetDlgItem.USER32(?,000003E9), ref: 00955A82
SetWindowTextW.USER32(00000000,?), ref: 00955A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00955AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00955AC3
GetWindowRect.USER32(?,?), ref: 00955ACC
_wcslen.LIBCMT ref: 00955B33
SetWindowTextW.USER32(?,?), ref: 00955B6F
GetDesktopWindow.USER32 ref: 00955B75
GetWindowRect.USER32(00000000), ref: 00955B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00955BD3
GetClientRect.USER32(?,?), ref: 00955BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00955C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00955C2F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 2e6d48e6d951618dec0b6eeb19d6852f596f5553fb9363165f6439bd1dcdb6bd
Instruction ID: a70acaa429d152c717f10e2e3ed04d55996b9f0e0b3d11561ce38eab95dcc015
Opcode Fuzzy Hash: 2e6d48e6d951618dec0b6eeb19d6852f596f5553fb9363165f6439bd1dcdb6bd
Instruction Fuzzy Hash: F8719F71900B05AFCB20DFA9CE59B6EBBF9FF48705F110918E542A36A1D774E904CB60

Function 0096FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 0096FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 0096FE32
LoadCursorW.USER32(00000000,00007F00), ref: 0096FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 0096FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 0096FE53
LoadCursorW.USER32(00000000,00007F01), ref: 0096FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 0096FE69
LoadCursorW.USER32(00000000,00007F88), ref: 0096FE74
LoadCursorW.USER32(00000000,00007F80), ref: 0096FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 0096FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 0096FE95
LoadCursorW.USER32(00000000,00007F85), ref: 0096FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 0096FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 0096FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 0096FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 0096FECC
GetCursorInfo.USER32(?), ref: 0096FEDC
GetLastError.KERNEL32 ref: 0096FF1E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 9e6f6ea36adce6a6321f60486492bf3c77e16f16a030a97fb3062915b435262b
Instruction ID: ae20fb0520b249b2b5690310d73b6f8da14a9e6582fa4dbe4db0692ec98be2c9
Opcode Fuzzy Hash: 9e6f6ea36adce6a6321f60486492bf3c77e16f16a030a97fb3062915b435262b
Instruction Fuzzy Hash: 5C4135B0D083196ADB10DFBA9C8585EBFE8FF04754B50452AF11DE7281DB789901CF91

Function 009100C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 009100C6

Part of subcall function 009100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(009C070C,00000FA0,053037D6,?,?,?,?,009323B3,000000FF), ref: 0091011C
Part of subcall function 009100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,009323B3,000000FF), ref: 00910127
Part of subcall function 009100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,009323B3,000000FF), ref: 00910138
Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0091014E
Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0091015C
Part of subcall function 009100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0091016A
Part of subcall function 009100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00910195
Part of subcall function 009100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009101A0

___scrt_fastfail.LIBCMT ref: 009100E7

Part of subcall function 009100A3: __onexit.LIBCMT ref: 009100A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00910122
WakeAllConditionVariable, xrefs: 00910162
SleepConditionVariableCS, xrefs: 00910154
InitializeConditionVariable, xrefs: 00910148
kernel32.dll, xrefs: 00910133

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 8c2ac94ab25cabe234175e3e93135774bb0b840f1216c49d8ca048e5004dbd1e
Instruction ID: a6e3968cf6949f8a794a76d3341ce14ca2611058cf372599ae3346b8a0a707c4
Opcode Fuzzy Hash: 8c2ac94ab25cabe234175e3e93135774bb0b840f1216c49d8ca048e5004dbd1e
Instruction Fuzzy Hash: B5210772B5C704EFD7106B64AC59FAA3398EBC5F54F000129F901E27D1DBB998809BA0

Function 009530F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0095318D
_wcslen.LIBCMT ref: 009531F8

Strings

REGEXPCLASS, xrefs: 00953255, 00953266
INSTANCE, xrefs: 00953453
CLASSNN, xrefs: 009531F3, 00953204
CLASS, xrefs: 00953188, 009531A5
TEXT, xrefs: 0095347C
NAME, xrefs: 00953335, 00953346

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: c2239995ab177f7dcb50e774f3469820a53ffbd7c37c18d58699cbbcc101c565
Instruction ID: c5104a20c1541b79aa53972dd5e7be87d9f50c1cf50f152848bc9ef5cea51bd0
Opcode Fuzzy Hash: c2239995ab177f7dcb50e774f3469820a53ffbd7c37c18d58699cbbcc101c565
Instruction Fuzzy Hash: 48E1F632A0051AABCB24DF79C4517EDBBB4BF44791F64C529E856E7240EB30AF8D8790

Function 009644C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0098CC08), ref: 00964527
_wcslen.LIBCMT ref: 0096453B
_wcslen.LIBCMT ref: 00964599
_wcslen.LIBCMT ref: 009645F4
_wcslen.LIBCMT ref: 0096463F
_wcslen.LIBCMT ref: 009646A7

Part of subcall function 0090F9F2: _wcslen.LIBCMT ref: 0090F9FD

GetDriveTypeW.KERNEL32(?,009B6BF0,00000061), ref: 00964743

Strings

removable, xrefs: 009645EA, 009645EF
unknown, xrefs: 00964708
fixed, xrefs: 00964635, 0096463A
ramdisk, xrefs: 009646F1
network, xrefs: 0096469D, 009646A2
cdrom, xrefs: 0096458F, 00964594
all, xrefs: 00964531, 00964536

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 73af4fb4fa4b550a319e14f6a149bdb660abcb7bac3bda86463ae09e640d1033
Instruction ID: b3448f404cf851492a54325cd2160c1ddf7db204680f7959e6e21dc4c33b808f
Opcode Fuzzy Hash: 73af4fb4fa4b550a319e14f6a149bdb660abcb7bac3bda86463ae09e640d1033
Instruction Fuzzy Hash: E3B1FF716083029FC720DF68C890A7AB7E9FFA5760F50491DF596C7291EB34D944CBA2

Function 00973FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,0098CC08), ref: 009740BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009740CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0098CC08), ref: 009740F2
FreeLibrary.KERNEL32(00000000,?,0098CC08), ref: 0097413E
StringFromGUID2.OLE32(?,?,00000028,?,0098CC08), ref: 009741A8
SysFreeString.OLEAUT32(00000009), ref: 00974262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009742C8
SysFreeString.OLEAUT32(?), ref: 009742F2

Strings

GetModuleHandleExW, xrefs: 009740C7
kernel32.dll, xrefs: 009740B6

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 60c619605e2a0ffa82837c4c4cd76b6fc83fb3319c7cb9fd6dbbbdb9797b348b
Instruction ID: 1220fc4e9cec8e051b860a953493e80e0af9ddbef218e9ffb09a561e4546f9b6
Opcode Fuzzy Hash: 60c619605e2a0ffa82837c4c4cd76b6fc83fb3319c7cb9fd6dbbbdb9797b348b
Instruction Fuzzy Hash: B6122976A00119EFDB14DF94C884EAEB7B9FF45314F24C098E9199B262D731ED46CBA0

Function 008F326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(009C1990), ref: 00932F8D
GetMenuItemCount.USER32(009C1990), ref: 0093303D
GetCursorPos.USER32(?), ref: 00933081
SetForegroundWindow.USER32(00000000), ref: 0093308A
TrackPopupMenuEx.USER32(009C1990,00000000,?,00000000,00000000,00000000), ref: 0093309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009330A9

Strings

0, xrefs: 008F327D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 76f4761c9922a2b34fc24b6d63ad7dceef6f489e1851ae777bd690d261d09c37
Instruction ID: 0fce5df7e4b14c0cee5e1690fba02f1f67eb9ed98676e5ce41dee880a3d743e8
Opcode Fuzzy Hash: 76f4761c9922a2b34fc24b6d63ad7dceef6f489e1851ae777bd690d261d09c37
Instruction Fuzzy Hash: 2C712C70644209BFEB259F29CC49FAABF68FF05364F204216F614AA2E1C7B1AD14DB50

Function 00986CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00986DEB

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00986E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00986E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00986E94
DestroyWindow.USER32(?), ref: 00986EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008F0000,00000000), ref: 00986EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00986EFD
GetDesktopWindow.USER32 ref: 00986F16
GetWindowRect.USER32(00000000), ref: 00986F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00986F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00986F4D

Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952

Strings

tooltips_class32, xrefs: 00986E58, 00986EDD
0, xrefs: 00986D98

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: b85b90aa5c033e17a717cb653c28dbf0f8522179c395b1dcf6a7d403dcc18f13
Instruction ID: 0040b08fe494ada4305213a07461b0877f359ebb21f4dc9f55bbbcfd69af1e4c
Opcode Fuzzy Hash: b85b90aa5c033e17a717cb653c28dbf0f8522179c395b1dcf6a7d403dcc18f13
Instruction Fuzzy Hash: 8D717AB0504245AFDB21DF28DC48FAABBE9FB89304F44051DFA898B362D770E905DB25

Function 0098911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

DragQueryPoint.SHELL32(?,?), ref: 00989147

Part of subcall function 00987674: ClientToScreen.USER32(?,?), ref: 0098769A
Part of subcall function 00987674: GetWindowRect.USER32(?,?), ref: 00987710
Part of subcall function 00987674: PtInRect.USER32(?,?,00988B89), ref: 00987720

SendMessageW.USER32(?,000000B0,?,?), ref: 009891B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009891BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009891DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00989225
SendMessageW.USER32(?,000000B0,?,?), ref: 0098923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00989255
SendMessageW.USER32(?,000000B1,?,?), ref: 00989277
DragFinish.SHELL32(?), ref: 0098927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00989371

Strings

@GUI_DROPID, xrefs: 0098929E
@GUI_DRAGID, xrefs: 009892E9
@GUI_DRAGFILE, xrefs: 00989320

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 6e8bfcada456514f13a8c4884f4cf4f30cc595c93274502fe804b856a589c1c1
Instruction ID: 4c750523996b29465ad5d76dd9118140a3f063d197d95a2047a0d7883efa8ae9
Opcode Fuzzy Hash: 6e8bfcada456514f13a8c4884f4cf4f30cc595c93274502fe804b856a589c1c1
Instruction Fuzzy Hash: D9613B71508305AFC705EF64DC85EABBBE8FFC9750F00092DF595922A1DB709A49CB62

Function 0096C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0096C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0096C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0096C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0096C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0096C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0096C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0096C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0096C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0096C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0096C5F0
InternetCloseHandle.WININET(00000000), ref: 0096C5FB

Strings

, xrefs: 0096C575

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: fe9b9aa85769690d3df8fa3585f45909d2b68eb6beb9e2f9d3227cae98ce9390
Instruction ID: 986166266265e0d903550933d335abe11be38d4576cbba912c2c8ee6a5eb26c3
Opcode Fuzzy Hash: fe9b9aa85769690d3df8fa3585f45909d2b68eb6beb9e2f9d3227cae98ce9390
Instruction Fuzzy Hash: 955139F1604309BFEB219F64CD88ABB7BBCFB08754F00441AF996D6650DB34E944AB60

Function 0098856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00988592
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885A2
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885AD
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885BA
GlobalLock.KERNEL32(00000000), ref: 009885C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885D7
GlobalUnlock.KERNEL32(00000000), ref: 009885E0
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009885F8
OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0098FC38,?), ref: 00988611
GlobalFree.KERNEL32(00000000), ref: 00988621
GetObjectW.GDI32(?,00000018,?), ref: 00988641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00988671
DeleteObject.GDI32(?), ref: 00988699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009886AF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 92d7cca0db6c44d2292a8361a30fd81cd0ca1a6facc391cbbc5d1de67e19a637
Instruction ID: c2f51bbbf404fe643a275997e79c9ae8bcd52edecdbd5df47f41550d8e7687be
Opcode Fuzzy Hash: 92d7cca0db6c44d2292a8361a30fd81cd0ca1a6facc391cbbc5d1de67e19a637
Instruction Fuzzy Hash: 834107B5614208AFDB119FA5DC88EAB7BBDEF89B15F104058F915E73A0DB309901EB70

Function 009614BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00961502
VariantCopy.OLEAUT32(?,?), ref: 0096150B
VariantClear.OLEAUT32(?), ref: 00961517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009615FB
VarR8FromDec.OLEAUT32(?,?), ref: 00961657
VariantInit.OLEAUT32(?), ref: 00961708
SysFreeString.OLEAUT32(?), ref: 0096178C
VariantClear.OLEAUT32(?), ref: 009617D8
VariantClear.OLEAUT32(?), ref: 009617E7
VariantInit.OLEAUT32(00000000), ref: 00961823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00961625
Default, xrefs: 009616AF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 173c83cbac8b9ee58aa11319d65a0aecb0b1d0a75f54bbaf44aa0077760d6c74
Instruction ID: d8a74427ed75307d8ddfccc14473c641673053450c9cd78f001baa0b6b521a29
Opcode Fuzzy Hash: 173c83cbac8b9ee58aa11319d65a0aecb0b1d0a75f54bbaf44aa0077760d6c74
Instruction Fuzzy Hash: F2D1CD71A00215EBDB109F65E885B79F7B9FF84700F18845AF447AB690EB34ED40DBA2

Function 0097B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0097B80A
RegCloseKey.ADVAPI32(?), ref: 0097B87E
RegCloseKey.ADVAPI32(?), ref: 0097B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0097B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0097B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0097B922
FreeLibrary.KERNEL32(00000000), ref: 0097B983
RegCloseKey.ADVAPI32(00000000), ref: 0097B994

Strings

RegDeleteKeyExW, xrefs: 0097B8FE
advapi32.dll, xrefs: 0097B8ED

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 2ca8badb1c01ffc42babd09dbdb2858a9e0f0bc2f06e5015679fa200a8fecfb6
Instruction ID: 3b5acebf57c4d395a3e39a1e107f2008a4f3c863315098d8e61f77eab4f2da01
Opcode Fuzzy Hash: 2ca8badb1c01ffc42babd09dbdb2858a9e0f0bc2f06e5015679fa200a8fecfb6
Instruction Fuzzy Hash: 52C18A71208201AFD714DF28C494F2ABBE5FF84318F14C55CE5AA8B7A2CB75E945CB92

Function 0097255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 009725D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009725E8
CreateCompatibleDC.GDI32(?), ref: 009725F4
SelectObject.GDI32(00000000,?), ref: 00972601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0097266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009726AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009726D0
SelectObject.GDI32(?,?), ref: 009726D8
DeleteObject.GDI32(?), ref: 009726E1
DeleteDC.GDI32(?), ref: 009726E8
ReleaseDC.USER32(00000000,?), ref: 009726F3

Strings

(, xrefs: 0097268D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 979836a7e624780499bcda4eedef3f3acb0b9d8d39e2133b95ff649e878cec0a
Instruction ID: 5232c7f9bc4accc3b83e37ac5cdfe82506e49a9f8fba7b11bb5c61b27d4eab9a
Opcode Fuzzy Hash: 979836a7e624780499bcda4eedef3f3acb0b9d8d39e2133b95ff649e878cec0a
Instruction Fuzzy Hash: 7E6104B6D14219EFCF14CFA4D884AAEBBB5FF48310F20852AE559A7350D770A941DF60

Function 0092DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0092DAA1

Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D659
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D66B
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D67D
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D68F
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6A1
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6B3
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6C5
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6D7
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6E9
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D6FB
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D70D
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D71F
Part of subcall function 0092D63C: _free.LIBCMT ref: 0092D731

_free.LIBCMT ref: 0092DA96

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 0092DAB8
_free.LIBCMT ref: 0092DACD
_free.LIBCMT ref: 0092DAD8
_free.LIBCMT ref: 0092DAFA
_free.LIBCMT ref: 0092DB0D
_free.LIBCMT ref: 0092DB1B
_free.LIBCMT ref: 0092DB26
_free.LIBCMT ref: 0092DB5E
_free.LIBCMT ref: 0092DB65
_free.LIBCMT ref: 0092DB82
_free.LIBCMT ref: 0092DB9A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 2821d2ae40e9ac0dc36ef9d4c6fd5d62eb758dcb83326e698496a31c8849a992
Instruction ID: e33238caba6dfd653e5e25ea5cc10cc8d52f1bda8a2b7c095cecfa40d3155769
Opcode Fuzzy Hash: 2821d2ae40e9ac0dc36ef9d4c6fd5d62eb758dcb83326e698496a31c8849a992
Instruction Fuzzy Hash: 7A316836605324AFEB22AB38F945B5AB7EDFF44320F514829E449D7199DF30EC808B60

Function 0095365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0095369C
_wcslen.LIBCMT ref: 009536A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00953797
GetClassNameW.USER32(?,?,00000400), ref: 0095380C
GetDlgCtrlID.USER32(?), ref: 0095385D
GetWindowRect.USER32(?,?), ref: 00953882
GetParent.USER32(?), ref: 009538A0
ScreenToClient.USER32(00000000), ref: 009538A7
GetClassNameW.USER32(?,?,00000100), ref: 00953921
GetWindowTextW.USER32(?,?,00000400), ref: 0095395D

Strings

%s%u, xrefs: 00953734

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 99340704252c34ac5ded64b524acb1bb8a2989cfff75088663039546b7f526e3
Instruction ID: 23bb6ed1db4b18bc533b1b142f15822257ed960b56d8222c7bdaef4c2cbe864e
Opcode Fuzzy Hash: 99340704252c34ac5ded64b524acb1bb8a2989cfff75088663039546b7f526e3
Instruction Fuzzy Hash: E891D3B1204606EFD719DF25C895BEAF7A8FF44391F008529FD99D2190DB30EA49CBA1

Function 00954954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00954994
GetWindowTextW.USER32(?,?,00000400), ref: 009549DA
_wcslen.LIBCMT ref: 009549EB
CharUpperBuffW.USER32(?,00000000), ref: 009549F7
_wcsstr.LIBVCRUNTIME ref: 00954A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00954A64
GetWindowTextW.USER32(?,?,00000400), ref: 00954A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00954AE6
GetClassNameW.USER32(?,?,00000400), ref: 00954B20
GetWindowRect.USER32(?,?), ref: 00954B8B

Strings

ThumbnailClass, xrefs: 00954A6F, 00954AF1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 33fe0eb53f450372caf7440cf6967a851792d9baf570e0133246f80a827a69bc
Instruction ID: e038051a7acfcc18470599d23591431cfb398bc4b8667e98349621ddaedfe2d4
Opcode Fuzzy Hash: 33fe0eb53f450372caf7440cf6967a851792d9baf570e0133246f80a827a69bc
Instruction Fuzzy Hash: 7F91F4711082099FDB44CF16C985FAA77ECFF84319F048469FD859A195EB30ED89CBA1

Function 00988D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00988D5A
GetFocus.USER32 ref: 00988D6A
GetDlgCtrlID.USER32(00000000), ref: 00988D75
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00988E1D
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00988ECF
GetMenuItemCount.USER32(?), ref: 00988EEC
GetMenuItemID.USER32(?,00000000), ref: 00988EFC
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00988F2E
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00988F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00988FA1

Strings

0, xrefs: 00988E9F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: 67bf2fe778b82f9416e3261ef02a543ec4daed8e8d2fde67a7cedcdc4a6d20aa
Instruction ID: d531f8e5e3e87b2e9580365d291813a474b6e9902a0215333571ca6eaef3bcef
Opcode Fuzzy Hash: 67bf2fe778b82f9416e3261ef02a543ec4daed8e8d2fde67a7cedcdc4a6d20aa
Instruction Fuzzy Hash: EB818D71508301AFDB10EF24D884AABBBE9FF88354F540919FA9597392DB30D901DBB1

Function 0095BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(009C1990,000000FF,00000000,00000030), ref: 0095BFAC
SetMenuItemInfoW.USER32(009C1990,00000004,00000000,00000030), ref: 0095BFE1
Sleep.KERNEL32(000001F4), ref: 0095BFF3
GetMenuItemCount.USER32(?), ref: 0095C039
GetMenuItemID.USER32(?,00000000), ref: 0095C056
GetMenuItemID.USER32(?,-00000001), ref: 0095C082
GetMenuItemID.USER32(?,?), ref: 0095C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0095C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095C145

Strings

0, xrefs: 0095BF3D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 04e7d32e00c04dcc2a66566851bb0c49337d4c281007bfbd573b4d96e588e654
Instruction ID: be6515399694f69404b136a8295d00fc7e638ac735216d74e31e89f06abaab5e
Opcode Fuzzy Hash: 04e7d32e00c04dcc2a66566851bb0c49337d4c281007bfbd573b4d96e588e654
Instruction Fuzzy Hash: C9619BF091834AAFDF11CF69DC88AAEBBB8EB45346F000015FD01A3292C775AD09DB60

Function 0095DC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 0095DC20
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0095DC46
_wcslen.LIBCMT ref: 0095DC50
_wcsstr.LIBVCRUNTIME ref: 0095DCA0
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0095DCBC

Strings

\VarFileInfo\Translation, xrefs: 0095DCB4
%u.%u.%u.%u, xrefs: 0095DD9A
04090000, xrefs: 0095DCF2
DefaultLangCodepage, xrefs: 0095DD1F
StringFileInfo\, xrefs: 0095DC8F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: 3194315b10685cc0229b5efb5f5d17098e1b89e307b99e41dbbed4eb2e23d4c3
Instruction ID: e2c85dc51b97b977bb75ddee290df55ee3781f8dd05ca899053dd7583ff0d0f6
Opcode Fuzzy Hash: 3194315b10685cc0229b5efb5f5d17098e1b89e307b99e41dbbed4eb2e23d4c3
Instruction Fuzzy Hash: 9441E072A402087ADB20A765DC03FFF76ACEF86721F100469F900A61D2EB749A4097A5

Function 0097CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0097CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0097CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0097CD48

Part of subcall function 0097CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0097CCAA
Part of subcall function 0097CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0097CCBD
Part of subcall function 0097CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0097CCCF
Part of subcall function 0097CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0097CD05
Part of subcall function 0097CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0097CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0097CCF3

Strings

RegDeleteKeyExW, xrefs: 0097CCC9
advapi32.dll, xrefs: 0097CCB8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: ba7ba82b78331447987e6318cd224b8fd11595acd36345738281ce09a78da542
Instruction ID: a3a17ecf5c42864e3c44d419614ac9f519e3b395e3dd01d7149dd995654a6f86
Opcode Fuzzy Hash: ba7ba82b78331447987e6318cd224b8fd11595acd36345738281ce09a78da542
Instruction Fuzzy Hash: C03161B2905129BBDB218F54DC88EFFBB7CEF45750F004569B909E2240D7749A45EBB0

Function 00963D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00963D40
_wcslen.LIBCMT ref: 00963D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00963D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00963DBE
RemoveDirectoryW.KERNEL32(?), ref: 00963DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00963E55
CloseHandle.KERNEL32(00000000), ref: 00963E60
CloseHandle.KERNEL32(00000000), ref: 00963E6B

Strings

:, xrefs: 00963D82
\??\%s, xrefs: 00963D5B
\, xrefs: 00963D77

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: dcb099745c58e30b0bba8ad10474fc18a5b571699b6a854199a8a1f3d6e2056c
Instruction ID: 28ae503a20461fdb5ffa4df027454318efb0aa5abd2785ad3439a9afec5cc735
Opcode Fuzzy Hash: dcb099745c58e30b0bba8ad10474fc18a5b571699b6a854199a8a1f3d6e2056c
Instruction Fuzzy Hash: 843192B1A14209ABDB219BA0DC49FEF77BCEF89700F1081B6F519D61A0E77497449B34

Function 0095E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0095E6B4

Part of subcall function 0090E551: timeGetTime.WINMM(?,?,0095E6D4), ref: 0090E555

Sleep.KERNEL32(0000000A), ref: 0095E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0095E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0095E727
SetActiveWindow.USER32 ref: 0095E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0095E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0095E773
Sleep.KERNEL32(000000FA), ref: 0095E77E
IsWindow.USER32 ref: 0095E78A
EndDialog.USER32(00000000), ref: 0095E79B

Strings

BUTTON, xrefs: 0095E719

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 5f38b6d0aaf60d9851c626466f4242624a611c1092e551da90a3cb8a809333fd
Instruction ID: a2925b1e278bb4cbb1379261161cdf636ae673c3399e795296688a9b74868b88
Opcode Fuzzy Hash: 5f38b6d0aaf60d9851c626466f4242624a611c1092e551da90a3cb8a809333fd
Instruction Fuzzy Hash: D42193B0628245AFEB049F21EDC9F293B6DFB5538AF100425F855812A1DF76AD08BB34

Function 0095E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0095EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0095EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0095EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0095EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0095EAA7

Strings

play PlayMe, xrefs: 0095EAA2
status PlayMe mode, xrefs: 0095EA58
close PlayMe, xrefs: 0095EA6E, 0095EA9B
alias PlayMe, xrefs: 0095EA36
play PlayMe wait, xrefs: 0095EA91
open , xrefs: 0095EA0C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 537fef522250c080a2df99891a0ee66085cc136f632d3f23d4702c78fdfca87a
Instruction ID: 8a9e4c992a7d7706be258b2c83143a5693abb698820d7fd11a729088f2dbe4dc
Opcode Fuzzy Hash: 537fef522250c080a2df99891a0ee66085cc136f632d3f23d4702c78fdfca87a
Instruction Fuzzy Hash: DF117332A5022D79D724E7B6DD4AEFF6A7CFBD1B54F000429B911E20D1EEB01A49C6B1

Function 00959F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0095A012
SetKeyboardState.USER32(?), ref: 0095A07D
GetAsyncKeyState.USER32(000000A0), ref: 0095A09D
GetKeyState.USER32(000000A0), ref: 0095A0B4
GetAsyncKeyState.USER32(000000A1), ref: 0095A0E3
GetKeyState.USER32(000000A1), ref: 0095A0F4
GetAsyncKeyState.USER32(00000011), ref: 0095A120
GetKeyState.USER32(00000011), ref: 0095A12E
GetAsyncKeyState.USER32(00000012), ref: 0095A157
GetKeyState.USER32(00000012), ref: 0095A165
GetAsyncKeyState.USER32(0000005B), ref: 0095A18E
GetKeyState.USER32(0000005B), ref: 0095A19C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: a1ef0181145d9301f16ea3c8d16584b255f2466369665eaf6cc2cd75add959f7
Instruction ID: e755469da2bf2404d74fe51ab198385b042260a0932d14773b0dafce47f75ec3
Opcode Fuzzy Hash: a1ef0181145d9301f16ea3c8d16584b255f2466369665eaf6cc2cd75add959f7
Instruction Fuzzy Hash: 0B51CC309087886DFB35DB7288117EABFF99F12381F084699DDC2571C2DA64AE4CC766

Function 00955CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00955CE2
GetWindowRect.USER32(00000000,?), ref: 00955CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00955D59
GetDlgItem.USER32(?,00000002), ref: 00955D69
GetWindowRect.USER32(00000000,?), ref: 00955D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00955DCF
GetDlgItem.USER32(?,000003E9), ref: 00955DDD
GetWindowRect.USER32(00000000,?), ref: 00955DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00955E31
GetDlgItem.USER32(?,000003EA), ref: 00955E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00955E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00955E67

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: f8f2fac5138b107fa6c4a788d3f68e7dc5cef1bf3a2376bd1cbbaa41740d29e2
Instruction ID: 5545e1839f8f6a32e1a879e4006224e29955de856890fc2ced0c03dcbbcf9bd0
Opcode Fuzzy Hash: f8f2fac5138b107fa6c4a788d3f68e7dc5cef1bf3a2376bd1cbbaa41740d29e2
Instruction Fuzzy Hash: 4E514FB1A10605AFDF18CF69DD99AAE7BB9FF48301F118128F905E7291D7709E04CB60

Function 00908BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00908F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00908BE8,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 00908FC5

DestroyWindow.USER32(?), ref: 00908C81
KillTimer.USER32(00000000,?,?,?,?,00908BBA,00000000,?), ref: 00908D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00946973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 009469A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000,?), ref: 009469B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00908BBA,00000000), ref: 009469D4
DeleteObject.GDI32(00000000), ref: 009469E6

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: d2613af721fcf1bbfffea104442c10bc4a4925926ac1e584b160b68e702829a6
Instruction ID: 86ca25c99cb62f7934e4a5f20cc5b05a43d2fedb934c28ecaa5432714805f3eb
Opcode Fuzzy Hash: d2613af721fcf1bbfffea104442c10bc4a4925926ac1e584b160b68e702829a6
Instruction Fuzzy Hash: 1361BE70616710DFEB259F14D948F2A77F5FB42312F10491CE0C29AAA0CB75AC90EFA5

Function 00909838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00909944: GetWindowLongW.USER32(?,000000EB), ref: 00909952

GetSysColor.USER32(0000000F), ref: 00909862

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: af414c25825d188e34fbb8918dda6a09ad562dfa66a05dcee5d470b4622a2413
Instruction ID: a392a69465492aa17a191010bc7870a05a00c9e3b4fbbf042aebb9b9e67d1956
Opcode Fuzzy Hash: af414c25825d188e34fbb8918dda6a09ad562dfa66a05dcee5d470b4622a2413
Instruction Fuzzy Hash: 0F418471108644AFDB205F789C88BB97769AB46731F148615F9A28B3E3D7319C41EB21

Function 009596E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0093F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00959717
LoadStringW.USER32(00000000,?,0093F7F8,00000001), ref: 00959720

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0093F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00959742
LoadStringW.USER32(00000000,?,0093F7F8,00000001), ref: 00959745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00959866

Strings

Error: , xrefs: 0095981D
^ ERROR, xrefs: 009597FB
Line %d:, xrefs: 009597A0
%s (%d) : ==> %s: %s %s, xrefs: 0095984A
Line %d (File "%s"):, xrefs: 0095978F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 1e63859732611aa2b380d389f908090e5fa2d26b7f386427ee8d73993c123ea3
Instruction ID: 33b01b822fc1cec764aa1a86ca767363b6f64a599e372279b551c2f504cd00b9
Opcode Fuzzy Hash: 1e63859732611aa2b380d389f908090e5fa2d26b7f386427ee8d73993c123ea3
Instruction Fuzzy Hash: A7413C7280421DAADB04EBE5DE86EFE7778EF54341F200065F605B2192EA356F48CB62

Function 009506DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009507A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009507BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009507DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00950804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0095082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00950837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0095083C

Strings

SOFTWARE\Classes\, xrefs: 0095070E
\IPC$, xrefs: 00950784
\CLSID, xrefs: 00950724

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 8cb0cb623b7b81cb3d09124f75d2d57d1d060d3fbd6af143467f255ca062f2e0
Instruction ID: 7908a32b37c355c3743e705cff2185c4a2f1a5a470fefa3d5f617b01ebc5fa4f
Opcode Fuzzy Hash: 8cb0cb623b7b81cb3d09124f75d2d57d1d060d3fbd6af143467f255ca062f2e0
Instruction Fuzzy Hash: 6F4107B281022DABDF15EFA4DC85DEDB778FF44390F154129E915A3260EB709E04CBA1

Function 00983F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0098403B
CreateCompatibleDC.GDI32(00000000), ref: 00984042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00984055
SelectObject.GDI32(00000000,00000000), ref: 0098405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00984068
DeleteDC.GDI32(00000000), ref: 00984072
GetWindowLongW.USER32(?,000000EC), ref: 0098407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00984092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0098409E

Strings

static, xrefs: 00983FD3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 0d444547957388ffc84270a72131d27cb71ec2af63bfbfdca01bed1035f7ae09
Instruction ID: b81176804657aa1daae71224ffefd282b7c7e5608c209c6a4ebdd6626a252da5
Opcode Fuzzy Hash: 0d444547957388ffc84270a72131d27cb71ec2af63bfbfdca01bed1035f7ae09
Instruction Fuzzy Hash: E0317C72514216BBDF21AFA4DC48FDB3B69EF0D724F100211FA14E62A0D735D820EBA0

Function 00973C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00973C5C
CoInitialize.OLE32(00000000), ref: 00973C8A
CoUninitialize.OLE32 ref: 00973C94
_wcslen.LIBCMT ref: 00973D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00973DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00973ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00973F0E
CoGetObject.OLE32(?,00000000,0098FB98,?), ref: 00973F2D
SetErrorMode.KERNEL32(00000000), ref: 00973F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00973FC4
VariantClear.OLEAUT32(?), ref: 00973FD8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: ec1ac35f7808a8a5ea97e5d4920840b124d2fce94340a695568c65e01ac10db7
Instruction ID: 1090de533341124b4575f10d278ddc70a6f13b9b99c67576e2e4ad7dcca0c8e1
Opcode Fuzzy Hash: ec1ac35f7808a8a5ea97e5d4920840b124d2fce94340a695568c65e01ac10db7
Instruction Fuzzy Hash: AAC144B26083059FD710DF68C88492BBBE9FF89744F10891DF98A9B250D731EE05DB62

Function 00967A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00967AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00967B8F
SHGetDesktopFolder.SHELL32(?), ref: 00967BA3
CoCreateInstance.OLE32(0098FD08,00000000,00000001,009B6E6C,?), ref: 00967BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00967C74
CoTaskMemFree.OLE32(?,?), ref: 00967CCC
SHBrowseForFolderW.SHELL32(?), ref: 00967D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00967D7A
CoTaskMemFree.OLE32(00000000), ref: 00967D81
CoTaskMemFree.OLE32(00000000), ref: 00967DD6
CoUninitialize.OLE32 ref: 00967DDC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 53d5e3d0c0b354a6c833e9766bfa6b5b57bf607d8b6330e4d850114254bdfbe1
Instruction ID: b77cb1c48027d24065fbfe1345c20f8e80dee4cff11bbede27ce95c31346c7a5
Opcode Fuzzy Hash: 53d5e3d0c0b354a6c833e9766bfa6b5b57bf607d8b6330e4d850114254bdfbe1
Instruction Fuzzy Hash: C0C11A75A04109AFDB14DFA4C894DAEBBF9FF48308B148499E91ADB361D730EE45CB90

Function 0098541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00985504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00985515
CharNextW.USER32(00000158), ref: 00985544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00985585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0098559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009855AC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 4a28a3a87745c3bcefacd611732694d23ea0302d5f045a05a9053678ae601aeb
Instruction ID: 14f88c5dd1126c1649991d63a3ddc6ad2358e0bdf197ec8afb0aa524f0f86051
Opcode Fuzzy Hash: 4a28a3a87745c3bcefacd611732694d23ea0302d5f045a05a9053678ae601aeb
Instruction Fuzzy Hash: 8561BC70904609EBDF10AFA0CC84EFE7BB9EF09321F114455F925AB3A0D7348A88DB60

Function 0094FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0094FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 0094FB08
VariantInit.OLEAUT32(?), ref: 0094FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0094FB3A
VariantCopy.OLEAUT32(?,?), ref: 0094FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 0094FBA1
VariantClear.OLEAUT32(?), ref: 0094FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 0094FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0094FBCC
VariantClear.OLEAUT32(?), ref: 0094FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0094FBE9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 1c7803eb391d521aea4a34649f5054ca037e202dbbb5e2e91efe3d90cab0ea99
Instruction ID: f2c4006e747002eb09cc9e738e38b43c8f648e5ab44ede4ce1629c65fbeceb61
Opcode Fuzzy Hash: 1c7803eb391d521aea4a34649f5054ca037e202dbbb5e2e91efe3d90cab0ea99
Instruction Fuzzy Hash: C2415175A0421A9FCB00DF68D864DAEBBB9FF48344F008069E906A7361DB30A945CBA0

Function 00959C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00959CA1
GetAsyncKeyState.USER32(000000A0), ref: 00959D22
GetKeyState.USER32(000000A0), ref: 00959D3D
GetAsyncKeyState.USER32(000000A1), ref: 00959D57
GetKeyState.USER32(000000A1), ref: 00959D6C
GetAsyncKeyState.USER32(00000011), ref: 00959D84
GetKeyState.USER32(00000011), ref: 00959D96
GetAsyncKeyState.USER32(00000012), ref: 00959DAE
GetKeyState.USER32(00000012), ref: 00959DC0
GetAsyncKeyState.USER32(0000005B), ref: 00959DD8
GetKeyState.USER32(0000005B), ref: 00959DEA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 868e3919e5c3be86ab0ed951fbcf0201c92ecf8b55bb535c03f6be7175e20ed5
Instruction ID: 668f2f36bcf98d1239bace2a4841fd930be14bc7fa9932e5fad7abe5b770c870
Opcode Fuzzy Hash: 868e3919e5c3be86ab0ed951fbcf0201c92ecf8b55bb535c03f6be7175e20ed5
Instruction Fuzzy Hash: C741B8745087C9ADFF31D762C8043B5BEB86F11345F04805AEEC65A6C2E7A599CCC7A2

Function 0097055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 009705BC
inet_addr.WSOCK32(?), ref: 0097061C
gethostbyname.WSOCK32(?), ref: 00970628
IcmpCreateFile.IPHLPAPI ref: 00970636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009706C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009706E5
IcmpCloseHandle.IPHLPAPI(?), ref: 009707B9
WSACleanup.WSOCK32 ref: 009707BF

Strings

Ping, xrefs: 00970676

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 6385329ceb7e61741df054c23157f474c40c9a776117dff06f1504e34170ab77
Instruction ID: aeb0d86a1104caf0b23f442e3909163f92bbab6a3ca92ed929f9be2cb7ccd75d
Opcode Fuzzy Hash: 6385329ceb7e61741df054c23157f474c40c9a776117dff06f1504e34170ab77
Instruction Fuzzy Hash: E7916B76608201DFD324DF29C889B1ABBE4AF84318F14C5A9F5698B7A2C734ED45CF91

Function 00978CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00978CF3

Part of subcall function 00958E54: _wcslen.LIBCMT ref: 00958E77

_wcslen.LIBCMT ref: 00978D4E
_wcslen.LIBCMT ref: 00978D9C
_wcslen.LIBCMT ref: 00978DDC
_wcslen.LIBCMT ref: 00978E6E

Strings

cdecl, xrefs: 00978D48, 00978D4D
stdcall, xrefs: 00978DD6, 00978DDB
winapi, xrefs: 00978D96, 00978D9B
none, xrefs: 00978E65, 00978E6A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 6fb339d4150caf921163ff64ab0fae888470ec95f773c12b6f099f3d678b410a
Instruction ID: 86ca3693c95bccbd73f5a73ec8248d4433f303c6eb226eac66103603500caa08
Opcode Fuzzy Hash: 6fb339d4150caf921163ff64ab0fae888470ec95f773c12b6f099f3d678b410a
Instruction Fuzzy Hash: B651C532A401169BCF24EF6CC9459BFB7A9FF64764B208629E52AE72C0DB34DD40C791

Function 0097372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00973774
CoUninitialize.OLE32 ref: 0097377F
CoCreateInstance.OLE32(?,00000000,00000017,0098FB78,?), ref: 009737D9
IIDFromString.OLE32(?,?), ref: 0097384C
VariantInit.OLEAUT32(?), ref: 009738E4
VariantClear.OLEAUT32(?), ref: 00973936

Strings

Invalid parameter, xrefs: 00973865
Failed to create object, xrefs: 009737E4, 0097389A
NULL Pointer assignment, xrefs: 0097381E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 3b90c1a60232cb30bb67a8f6a890b50b58f242e393ede4ac9ffd357ef66a3e01
Instruction ID: dfc346d3beff854e98abd83b27714aff3e4f430416632437132d4341a45fe38a
Opcode Fuzzy Hash: 3b90c1a60232cb30bb67a8f6a890b50b58f242e393ede4ac9ffd357ef66a3e01
Instruction Fuzzy Hash: 9B619272608301AFD310DF64C849FAAB7E8EF88714F108909F98997291D770EE48DB93

Function 00963388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009633CF

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009633F0

Strings

Error: , xrefs: 009634D1
"%s" (%d) : ==> %s:%s%s, xrefs: 00963504
"%s" (%d) : ==> %s:, xrefs: 00963522
Line %d (File "%s"):, xrefs: 00963443, 0096345C
^ ERROR , xrefs: 0096349E
Incorrect parameters to object property !, xrefs: 009634AB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: ba94fb957ef83a99d01f67ccd9ceab0732c7f9ca2b3618ee14367782a3b87aa3
Instruction ID: ab4624af9455a39a30c1de8246a7d7706d1248daa299a5cb1e35c4acc1683cbd
Opcode Fuzzy Hash: ba94fb957ef83a99d01f67ccd9ceab0732c7f9ca2b3618ee14367782a3b87aa3
Instruction Fuzzy Hash: 81518E71900209AADF15EBA4DD42EFEB778FF44344F204165F509B21A2EB352F58DB61

Function 0095B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 0095B5FC
_wcslen.LIBCMT ref: 0095B608
_wcslen.LIBCMT ref: 0095B64D
_wcslen.LIBCMT ref: 0095B68C
_wcslen.LIBCMT ref: 0095B6C7

Strings

APPEND, xrefs: 0095B6C1, 0095B6C6
EXISTS, xrefs: 0095B686, 0095B68B
REMOVE, xrefs: 0095B602, 0095B607
KEYS, xrefs: 0095B647, 0095B64C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 2f1c4893b4f873fd23932cb2e59e96e6c92ea838347fb839bd5848af6e1e13a5
Instruction ID: 9bb5d36fa58d6bc445ce2ee63726ba5cefef02bbcd2cf8cf77a54cf55e6b438a
Opcode Fuzzy Hash: 2f1c4893b4f873fd23932cb2e59e96e6c92ea838347fb839bd5848af6e1e13a5
Instruction Fuzzy Hash: 1A412B32A021278BCB20DF7EC8905BE77A9BFA0775B244129ED21DB284E735CD85C790

Function 00965393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 009653A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00965416
GetLastError.KERNEL32 ref: 00965420
SetErrorMode.KERNEL32(00000000,READY), ref: 009654A7

Strings

INVALID, xrefs: 00965459
UNKNOWN, xrefs: 00965444
READONLY, xrefs: 00965452
READY, xrefs: 00965460, 00965468
NOTREADY, xrefs: 0096544B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 534c52991ffe3c922cf267394fdb3e42726640254c575732ca7554f2365dac73
Instruction ID: 9205493a4e7bad51c41fc953391ec01695b2ed78684c25296b23d1e028734fb1
Opcode Fuzzy Hash: 534c52991ffe3c922cf267394fdb3e42726640254c575732ca7554f2365dac73
Instruction Fuzzy Hash: B431C375A006049FC710DF68C984BAA7BF8FF44305F1580A5E505CB3A2DB75ED86CBA1

Function 00983C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00983C79
SetMenu.USER32(?,00000000), ref: 00983C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00983D10
IsMenu.USER32(?), ref: 00983D24
CreatePopupMenu.USER32 ref: 00983D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00983D5B
DrawMenuBar.USER32 ref: 00983D63

Strings

0, xrefs: 00983C54
F, xrefs: 00983D4E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: f318d7a44754a79fcf73969f1b73ba8febb946022326b22887a9d91c8ad88d61
Instruction ID: 26a4c1157309fa7c25ff1c564e0a660139889c7645e03808e268a16ec40b1a92
Opcode Fuzzy Hash: f318d7a44754a79fcf73969f1b73ba8febb946022326b22887a9d91c8ad88d61
Instruction Fuzzy Hash: A5418BB5A05209AFDF14DF64E844EAA7BB9FF49710F148028F946973A0D730AA10DFA4

Function 00951EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00951F64
GetDlgCtrlID.USER32 ref: 00951F6F
GetParent.USER32 ref: 00951F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00951F8E
GetDlgCtrlID.USER32(?), ref: 00951F97
GetParent.USER32(?), ref: 00951FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00951FAE

Strings

ComboBox, xrefs: 00951EEC
ListBox, xrefs: 00951F21

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: c9eac8241bade63b82c145d02e5e569704b05e5f5757044fea25c72f769e6573
Instruction ID: 492ae8313c2f717a1d99f7311ff8dc797ce3ce5f6e5ebab9bc9dcab4216bf3be
Opcode Fuzzy Hash: c9eac8241bade63b82c145d02e5e569704b05e5f5757044fea25c72f769e6573
Instruction Fuzzy Hash: 9121BEB0910218BBCF04EFA5DC85AFEBBB8EF05350B104125FDA1A72A1DB395908DB70

Function 00951FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00952043
GetDlgCtrlID.USER32 ref: 0095204E
GetParent.USER32 ref: 0095206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0095206D
GetDlgCtrlID.USER32(?), ref: 00952076
GetParent.USER32(?), ref: 0095208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0095208D

Strings

ComboBox, xrefs: 00951FCD
ListBox, xrefs: 00952002

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: a705e6aabc15c1116a536dde8ff970039180f9e64268d4f6d8f5b24cb318d9ae
Instruction ID: d9c6635f763243ee5e22528c34119a9390a030f975ad35cc292f767f342f9ac5
Opcode Fuzzy Hash: a705e6aabc15c1116a536dde8ff970039180f9e64268d4f6d8f5b24cb318d9ae
Instruction Fuzzy Hash: AF21CFB1910218BBCF10EFB5DC85EFEBBB8EF05340F104415F991A72A1DA794918DB60

Function 00983A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00983A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00983AA0
GetWindowLongW.USER32(?,000000F0), ref: 00983AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00983AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00983B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00983BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00983BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00983BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00983BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00983C13

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: ba61ce714ca0bcc61f34e39b545909cb996a8e5a30e5aa0c94df9f2a50727ede
Instruction ID: 0cd07ecf7d8c53f3f112bba210f6abcaec9ffcf2a3d4e31b8669074a8bd161f6
Opcode Fuzzy Hash: ba61ce714ca0bcc61f34e39b545909cb996a8e5a30e5aa0c94df9f2a50727ede
Instruction Fuzzy Hash: CC615BB5900248AFDB10EFA8CC81EEE77B8EB49710F104199FA15A73A2D774AE45DB50

Function 00922C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00922C94

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 00922CA0
_free.LIBCMT ref: 00922CAB
_free.LIBCMT ref: 00922CB6
_free.LIBCMT ref: 00922CC1
_free.LIBCMT ref: 00922CCC
_free.LIBCMT ref: 00922CD7
_free.LIBCMT ref: 00922CE2
_free.LIBCMT ref: 00922CED
_free.LIBCMT ref: 00922CFB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 37f1cfe6a52109efe0edd2d872979f6fc96b09b171b4a46b45b91dfacce6abdd
Instruction ID: d50a36f45a289bfcfccb32b58fb46d94512f5468e9c2a8c2dcd32aff97db204a
Opcode Fuzzy Hash: 37f1cfe6a52109efe0edd2d872979f6fc96b09b171b4a46b45b91dfacce6abdd
Instruction Fuzzy Hash: D311CB7A100118BFCB02EF54E942DDD3BA5FF49350F8144A5F9485F236D631EE909B90

Function 00967DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00967FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00967FC1
GetFileAttributesW.KERNEL32(?), ref: 00967FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00968005
SetCurrentDirectoryW.KERNEL32(?), ref: 00968017
SetCurrentDirectoryW.KERNEL32(?), ref: 00968060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009680B0

Strings

*.*, xrefs: 00968066

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 21d3fba86f439bb5fb98dab8a775f92d3db6ce5126ced7ea9788399c964fab1d
Instruction ID: 7287129dba5814a5acd27fba074c09c0d027560e50c1bb9e55fa2ccf3e2a85dd
Opcode Fuzzy Hash: 21d3fba86f439bb5fb98dab8a775f92d3db6ce5126ced7ea9788399c964fab1d
Instruction Fuzzy Hash: 8481A1725082459BCB21DFA4C844AAAF3E8FF88314F544D5EF885D7260EB36DD49CB52

Function 008F5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 008F5C7A

Part of subcall function 008F5D0A: GetClientRect.USER32(?,?), ref: 008F5D30
Part of subcall function 008F5D0A: GetWindowRect.USER32(?,?), ref: 008F5D71
Part of subcall function 008F5D0A: ScreenToClient.USER32(?,?), ref: 008F5D99

GetDC.USER32 ref: 009346F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00934708
SelectObject.GDI32(00000000,00000000), ref: 00934716
SelectObject.GDI32(00000000,00000000), ref: 0093472B
ReleaseDC.USER32(?,00000000), ref: 00934733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 009347C4

Strings

U, xrefs: 00934693

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: e8747977d54d2ef9b6136adeea6829713d2adc4e720838f81072221ba1eefe88
Instruction ID: 633ded57fb7c9edd946875526c2fd4580eba8088cb6136c9d7e5d6b19f8988a8
Opcode Fuzzy Hash: e8747977d54d2ef9b6136adeea6829713d2adc4e720838f81072221ba1eefe88
Instruction Fuzzy Hash: 82710331404209DFCF21CF64CD85ABA3BB9FF4A354F154269EE569A2A6C730AC91DF60

Function 0096359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009635E4

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

LoadStringW.USER32(009C2390,?,00000FFF,?), ref: 0096360A

Strings

Error: , xrefs: 009636EF
"%s" (%d) : ==> %s:%s%s, xrefs: 00963724
^ ERROR, xrefs: 009636C9
"%s" (%d) : ==> %s:, xrefs: 00963742
Line %d (File "%s"):, xrefs: 0096366B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 2088c1986cd09e5698e6cf437eb8f9abf9f7aeaf1ef97c7cdae5afe7a69b44e5
Instruction ID: 175a3bc26e5a122b4ba9bd18cb521d00a995dced9aaafd0c9ad67091cc3106b0
Opcode Fuzzy Hash: 2088c1986cd09e5698e6cf437eb8f9abf9f7aeaf1ef97c7cdae5afe7a69b44e5
Instruction Fuzzy Hash: F1516B71800209AADF15EBA4DD42EEEBB78FF44354F144125F605B21A2EB302B98DB61

Function 00988B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

Part of subcall function 0090912D: GetCursorPos.USER32(?), ref: 00909141
Part of subcall function 0090912D: ScreenToClient.USER32(00000000,?), ref: 0090915E
Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000001), ref: 00909183
Part of subcall function 0090912D: GetAsyncKeyState.USER32(00000002), ref: 0090919D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00988B6B
ImageList_EndDrag.COMCTL32 ref: 00988B71
ReleaseCapture.USER32 ref: 00988B77
SetWindowTextW.USER32(?,00000000), ref: 00988C12
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00988C25
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00988CFF

Strings

@GUI_DROPID, xrefs: 00988C51
@GUI_DRAGFILE, xrefs: 00988C9A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: c861c27a31bafafd3f6322c33d4bd217cec6a0e2d3e162db433310860063eaa3
Instruction ID: 5ca598cec438dbaaecea8989014f34cf3e9f7d19f409700940cf19713d30094b
Opcode Fuzzy Hash: c861c27a31bafafd3f6322c33d4bd217cec6a0e2d3e162db433310860063eaa3
Instruction Fuzzy Hash: 3E519CB0608304AFD714EF24DC56FAA77E4FB88754F40062DF996A72E2DB709904CB62

Function 0096C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0096C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0096C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0096C2CA
GetLastError.KERNEL32 ref: 0096C322
SetEvent.KERNEL32(?), ref: 0096C336
InternetCloseHandle.WININET(00000000), ref: 0096C341

Strings

, xrefs: 0096C2BB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: f24fbb1ce642b92823acc66217388623d0a33b59b040c08ddc90703710121110
Instruction ID: 729f4a2487b8591a73e255d642e845df3125bc680e9261e81c091976f1944eb3
Opcode Fuzzy Hash: f24fbb1ce642b92823acc66217388623d0a33b59b040c08ddc90703710121110
Instruction Fuzzy Hash: 323169F1604208AFD7219FA49888EBB7AFCEB49784B10851EF49A92300DB34DD049B70

Function 0095989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00933AAF,?,?,Bad directive syntax error,0098CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009598BC
LoadStringW.USER32(00000000,?,00933AAF,?), ref: 009598C3

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00959987

Strings

Line %d:, xrefs: 00959912
Error: , xrefs: 00959955
%s (%d) : ==> %s.: %s %s, xrefs: 009598F1
Line %d (File "%s"):, xrefs: 0095992D
., xrefs: 0095996D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: e03e1810df90d556fa710c44e83510517a1fa38c84b7f761f6f51d55938f77d4
Instruction ID: 4bafc5bd4a7645a03f51f03d1927b3519b0ddbf12f80219c57ae936221d2cc43
Opcode Fuzzy Hash: e03e1810df90d556fa710c44e83510517a1fa38c84b7f761f6f51d55938f77d4
Instruction Fuzzy Hash: F4216D3280021EEBDF15EFA4DC16EEE7779FF18345F044429F615A21A2EB35A618DB21

Function 0095209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 009520AB
GetClassNameW.USER32(00000000,?,00000100), ref: 009520C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0095214D

Strings

list, xrefs: 0095212F
details, xrefs: 009520FB
smallicons, xrefs: 00952115
SHELLDLL_DefView, xrefs: 009520CC
largeicons, xrefs: 009520E1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: c1c2dda39855c2f9eb7e88fe66ccef5a2855b52e8e06bbd9e433fb0b8cf6fd44
Instruction ID: 573c000855a31874f50849d1f5b5b6a9a9f5593d589b8f0662f43d45f8e39054
Opcode Fuzzy Hash: c1c2dda39855c2f9eb7e88fe66ccef5a2855b52e8e06bbd9e433fb0b8cf6fd44
Instruction Fuzzy Hash: E911E77678CB17B9F605A321DC06EE7379CCF4A329F210026FE04A50D1FA6558455754

Function 00928D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf982b24f96bef459839b356fdda287ab9e2355119fe015c6f229d2154033a73
Instruction ID: adb7ec2dedade8b378f5ccb0ab5875835762bf6c86304ec77cf8d454ad4e3c61
Opcode Fuzzy Hash: bf982b24f96bef459839b356fdda287ab9e2355119fe015c6f229d2154033a73
Instruction Fuzzy Hash: 1BC1F475E0426DAFDB11EFA8E841BEEBBB4BF49310F044059E425A7396CB349941CB60

Function 0092CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0092CEB7
_free.LIBCMT ref: 0092CF22
_free.LIBCMT ref: 0092CF48
_free.LIBCMT ref: 0092CF71
_free.LIBCMT ref: 0092CFA9
_free.LIBCMT ref: 0092CFDA
_free.LIBCMT ref: 0092D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0092D09C
_free.LIBCMT ref: 0092D0B5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: b0e8c060f6cf4205ef5cf6a191d1708e6f06fe13e61b0e5cc613ca33f4f2d054
Instruction ID: 155ea13ca5aa87a112fda5172ba518dd3fbe2388f9006613522b4baec6336a22
Opcode Fuzzy Hash: b0e8c060f6cf4205ef5cf6a191d1708e6f06fe13e61b0e5cc613ca33f4f2d054
Instruction Fuzzy Hash: 9E616AB1A08330AFDF21AFB4BD81BAD7BA9EF45310F04026DF945A7289E7319D408790

Function 009850D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00985186
ShowWindow.USER32(?,00000000), ref: 009851C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 009851CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 009851D1

Part of subcall function 00986FBA: DeleteObject.GDI32(00000000), ref: 00986FE6

GetWindowLongW.USER32(?,000000F0), ref: 0098520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0098521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0098524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00985287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00985296

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 41dace4cac8285f30e0db4cceb5a8f615efb08bffd7c18257e71a64efadb9298
Instruction ID: 612740b0cf8a6a48bdb6000208d9960812b65c90e8f1394e6b7ed05080c27f60
Opcode Fuzzy Hash: 41dace4cac8285f30e0db4cceb5a8f615efb08bffd7c18257e71a64efadb9298
Instruction Fuzzy Hash: 2E519C70A58A08BEEF20AF24CC4AFD83B69BB45321F154011F625963E1CB75E998DB51

Function 00908B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00946890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009468A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009468B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009468D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009468F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00908874,00000000,00000000,00000000,000000FF,00000000), ref: 00946901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0094691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00908874,00000000,00000000,00000000,000000FF,00000000), ref: 0094692D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: fe4610aa5cc4e9783ed6a4231a1380a20797ff2846d8a61d57b561a54e161778
Instruction ID: e9d7fef15d72a07373316b733d94f806ae2c6332ade9b15b33357ac21ed714cc
Opcode Fuzzy Hash: fe4610aa5cc4e9783ed6a4231a1380a20797ff2846d8a61d57b561a54e161778
Instruction Fuzzy Hash: 2A5169B0A10209EFDB24CF24CC55FAA7BB9FF99760F104518F956962E0DB70E990EB50

Function 0096C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0096C182
GetLastError.KERNEL32 ref: 0096C195
SetEvent.KERNEL32(?), ref: 0096C1A9

Part of subcall function 0096C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0096C272
Part of subcall function 0096C253: GetLastError.KERNEL32 ref: 0096C322
Part of subcall function 0096C253: SetEvent.KERNEL32(?), ref: 0096C336
Part of subcall function 0096C253: InternetCloseHandle.WININET(00000000), ref: 0096C341

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 8ea237bbb4c84034464b2bba48b350866f7effde6ac7cfe24c60d4434a0df2f6
Instruction ID: 25572bacf5b4835b7fdbeb234c683dba00db6a43a8a1d8af209a692278531425
Opcode Fuzzy Hash: 8ea237bbb4c84034464b2bba48b350866f7effde6ac7cfe24c60d4434a0df2f6
Instruction Fuzzy Hash: 4B318BF1204605BFDB219FA5DC54A77BBFCFF58310B00842EF9AA82610D735E814ABA0

Function 009525A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 009525BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009525DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009525DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 009525E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00952601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00952605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0095260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00952623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00952627

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 70180fa6347177aeaa7fbf697e42d08ade2de4166415520f0daed59cbfb000a8
Instruction ID: a091f219645fa3016316f746d2eccca48115c1f52cd446d826a05a129d603a0c
Opcode Fuzzy Hash: 70180fa6347177aeaa7fbf697e42d08ade2de4166415520f0daed59cbfb000a8
Instruction Fuzzy Hash: 3401B1712A8210BBFB10A769DC8EF593F59DB8AB52F100011F718AE1D5C9F224489B79

Function 00951803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00951449,?,?,00000000), ref: 0095180C
HeapAlloc.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 00951813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00951449,?,?,00000000), ref: 00951828
GetCurrentProcess.KERNEL32(?,00000000,?,00951449,?,?,00000000), ref: 00951830
DuplicateHandle.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 00951833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00951449,?,?,00000000), ref: 00951843
GetCurrentProcess.KERNEL32(00951449,00000000,?,00951449,?,?,00000000), ref: 0095184B
DuplicateHandle.KERNEL32(00000000,?,00951449,?,?,00000000), ref: 0095184E
CreateThread.KERNEL32(00000000,00000000,00951874,00000000,00000000,00000000), ref: 00951868

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 0ccbef83821c545df37bfeb95e8e0c0247e6f7489f9b37e4affdde3874c8be74
Instruction ID: 197c9e88f26d6e5ae039bb0b2c65feeb6197deeb663be6847132419b4ae758fb
Opcode Fuzzy Hash: 0ccbef83821c545df37bfeb95e8e0c0247e6f7489f9b37e4affdde3874c8be74
Instruction Fuzzy Hash: 4301BBB5254308BFE710EBA5DC8DF6B3BACEB89B11F004411FA05DB2A1DA719800DB30

Function 0097A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0095D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0095D501
Part of subcall function 0095D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0095D50F
Part of subcall function 0095D4DC: CloseHandle.KERNEL32(00000000), ref: 0095D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0097A16D
GetLastError.KERNEL32 ref: 0097A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0097A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0097A268
GetLastError.KERNEL32(00000000), ref: 0097A273
CloseHandle.KERNEL32(00000000), ref: 0097A2C4

Strings

SeDebugPrivilege, xrefs: 0097A18F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 1f1e1cc777ff519504d29a3a1a70596e2a8ec6da0117d79f064e87f1520cc0d6
Instruction ID: 217c71e492b8b47894abf6e3fb34a8ac5cd806656dc9df322b8e0da3923e3e8e
Opcode Fuzzy Hash: 1f1e1cc777ff519504d29a3a1a70596e2a8ec6da0117d79f064e87f1520cc0d6
Instruction Fuzzy Hash: 5E618E71208242AFD710DF19C494F29BBE5AF84318F54C49CE46A8B7A3C776ED49CB92

Function 00983886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00983925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0098393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00983954
_wcslen.LIBCMT ref: 00983999
SendMessageW.USER32(?,00001057,00000000,?), ref: 009839C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 009839F4

Strings

SysListView32, xrefs: 009838F7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 5159c43dc050a46b01e3bfbb312effc3cda8994e0f7c1091d5e5e2dc7c9767a1
Instruction ID: eac550cf16675677df5e8f21dd99e86dd58089d1c1ef3bb239fb35a9ace1f0aa
Opcode Fuzzy Hash: 5159c43dc050a46b01e3bfbb312effc3cda8994e0f7c1091d5e5e2dc7c9767a1
Instruction Fuzzy Hash: 0D41C071A00219ABEF21AF64CC49FEA7BA9EF48754F104526F948E7281D775DA80CB90

Function 0095BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0095BCFD
IsMenu.USER32(00000000), ref: 0095BD1D
CreatePopupMenu.USER32 ref: 0095BD53
GetMenuItemCount.USER32(01244800), ref: 0095BDA4
InsertMenuItemW.USER32(01244800,?,00000001,00000030), ref: 0095BDCC

Strings

2, xrefs: 0095BD37
0, xrefs: 0095BCA8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: cc0084d94429c23fd7421612b2119dea56e4cbb28726407fa15963a8fa5b8f4f
Instruction ID: a9dba369948a3a9d26a254282339c69347eb791c52fc2676d8367ec09e770bf9
Opcode Fuzzy Hash: cc0084d94429c23fd7421612b2119dea56e4cbb28726407fa15963a8fa5b8f4f
Instruction Fuzzy Hash: D451DFB0A042099BDF10CFAAD888BAEBBF8BF85316F144519FD11D72D0D7749949CB61

Function 0095C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0095C913

Strings

stop, xrefs: 0095C8E4
question, xrefs: 0095C8CC
info, xrefs: 0095C8B4
warning, xrefs: 0095C8FC
blank, xrefs: 0095C895

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 9a011984f4dbfdd8faa7640b9da1ea73b14eb4f2d1a168067fa2eb70a33e4fcf
Instruction ID: 0e919e1c0d3c7b5395bc1b2aa9ffd39a80f5f7ec1af835c60322902538209258
Opcode Fuzzy Hash: 9a011984f4dbfdd8faa7640b9da1ea73b14eb4f2d1a168067fa2eb70a33e4fcf
Instruction Fuzzy Hash: B8113D7278930ABEE700DB159D93DEA779CDF5572AB20002AFD00A62C2DB786E445364

Function 0095DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0095DE42
gethostname.WSOCK32(?,00000100), ref: 0095DE5C
gethostbyname.WSOCK32(?), ref: 0095DE69
inet_ntoa.WSOCK32(?), ref: 0095DEAB
_strcat.LIBCMT ref: 0095DEB9
WSACleanup.WSOCK32 ref: 0095DEDE

Strings

0.0.0.0, xrefs: 0095DE87

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: c06e8f184647705b92d3aecc89cf2bf99261f5f610fc18ec397847a987979065
Instruction ID: e1e431a8ea4870d8b905663a539ef98afd0fbbec659ded98cc818474ea511e53
Opcode Fuzzy Hash: c06e8f184647705b92d3aecc89cf2bf99261f5f610fc18ec397847a987979065
Instruction Fuzzy Hash: F8113672904109AFDB30EB21DC0BEEE37ACDF91712F000169F845A6191EF718A889B60

Function 00989F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

GetSystemMetrics.USER32(0000000F), ref: 00989FC7
GetSystemMetrics.USER32(0000000F), ref: 00989FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0098A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0098A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0098A263
ShowWindow.USER32(00000003,00000000), ref: 0098A282
InvalidateRect.USER32(?,00000000,00000001), ref: 0098A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 0098A2CA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 2b247baa3720a65d6fc6c09bf94a5492b1a2f962fb50b5e5a34c867d72972890
Instruction ID: e6fe7e2077ec353b0f73d05d2d0bd5cb6a2c5256972448b4561e67ad8ec6e2d8
Opcode Fuzzy Hash: 2b247baa3720a65d6fc6c09bf94a5492b1a2f962fb50b5e5a34c867d72972890
Instruction Fuzzy Hash: 25B1DC31604215EFEF24DF68C989BAE3BB6FF44711F08806AEC599B395D731A940CB61

Function 0095ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0095ED2A
_wcslen.LIBCMT ref: 0095ED3B
_wcslen.LIBCMT ref: 0095ED79
_wcslen.LIBCMT ref: 0095EDAF
_wcslen.LIBCMT ref: 0095EDDF
_wcslen.LIBCMT ref: 0095EDEF
_wcslen.LIBCMT ref: 0095EE2B
_wcslen.LIBCMT ref: 0095EE5A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 7fabaa3e1f8ef48c3b594632929ccae0cf02f5aa939558e4ef166ba7def62c87
Instruction ID: 762a52800c71d7eb1d6579935eedbb4be48b1946395e38549ba4e3e1a5fabe17
Opcode Fuzzy Hash: 7fabaa3e1f8ef48c3b594632929ccae0cf02f5aa939558e4ef166ba7def62c87
Instruction Fuzzy Hash: C7419465D1011C75CB11EBF5888AACFB7A8AF85710F508862F924E3162FB34E399C7A5

Function 0090F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0090F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0094F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0094F454

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 8ca980ce3e16ca3d9ca34ca6b797fb4c2f731d8033364770b77f1667a2e95ea2
Instruction ID: cbf911ff9a6b4b2e0379bd21ee64625f58de0ff774a092295d367e599bcdafa8
Opcode Fuzzy Hash: 8ca980ce3e16ca3d9ca34ca6b797fb4c2f731d8033364770b77f1667a2e95ea2
Instruction Fuzzy Hash: 7F412A3161C780BEC7388B28D8B8F2A7B99AB86750F14443DE06753EE1D635AA80D711

Function 00982D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00982D1B
GetDC.USER32(00000000), ref: 00982D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00982D2E
ReleaseDC.USER32(00000000,00000000), ref: 00982D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00982D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00982D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00985A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00982DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00982DE1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 22203ed6719fcdd03fbdf76cc59edb246889648a4e51bf3f27c9bc6db419ba98
Instruction ID: 3bab7118ab5485e6eb56a0d80e50121d0a2db6280142b04c693688e629bdb0e9
Opcode Fuzzy Hash: 22203ed6719fcdd03fbdf76cc59edb246889648a4e51bf3f27c9bc6db419ba98
Instruction Fuzzy Hash: 193187B2215214BBEB218F60CC8AFEB3FADEF09751F044065FE089A291D6759C40CBB0

Function 00955622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00955637
_memcmp.LIBVCRUNTIME ref: 00955659
_memcmp.LIBVCRUNTIME ref: 00955671
_memcmp.LIBVCRUNTIME ref: 00955684
_memcmp.LIBVCRUNTIME ref: 0095569E
_memcmp.LIBVCRUNTIME ref: 009556B1
_memcmp.LIBVCRUNTIME ref: 009556C9
_memcmp.LIBVCRUNTIME ref: 009556E4

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: c4d292798ff9ff9c0430432da26ebd057f1fd7136c56196c0702781cde1184bd
Instruction ID: a6aac5f27f4f5d4665809f22fa41ad95e6bf88dd8ebae80f918934d3e6d7b27d
Opcode Fuzzy Hash: c4d292798ff9ff9c0430432da26ebd057f1fd7136c56196c0702781cde1184bd
Instruction Fuzzy Hash: 0C213E6174290DB7D614E5138DB2FFB335CAF90386F550020FE049A647F724EE1983A5

Function 00974FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00975007
NULL Pointer assignment, xrefs: 0097502E, 00975383

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 8ceb4ba908e07a123004d4d4adec0475948af9d6cff19acc26433a10d7afe6b0
Instruction ID: 017fee5ad3d0ab8c1f2e12815522120238aa475b9c8470ff1436329be18339f0
Opcode Fuzzy Hash: 8ceb4ba908e07a123004d4d4adec0475948af9d6cff19acc26433a10d7afe6b0
Instruction Fuzzy Hash: BFD1C772A0060A9FDF50CF68C881BAEB7B9FF48344F15C469E919AB291E7B0DD45CB50

Function 00931522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,009317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 009315CE
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00931651
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,009317FB,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009316E4
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009316FB

Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,009317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00931777
__freea.LIBCMT ref: 009317A2
__freea.LIBCMT ref: 009317AE

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 3c129af8943653a29e3fa83fc50f5f286f0c3ad94f39bb11d1443b3da3a2d640
Instruction ID: 8f7df17024a86aa0a088ac039c8b9c0eb9ddc45290eab1cf0aef672440369881
Opcode Fuzzy Hash: 3c129af8943653a29e3fa83fc50f5f286f0c3ad94f39bb11d1443b3da3a2d640
Instruction Fuzzy Hash: 1191A271E102169ADF208FA4CC81AEE7BF99F89714F184659F806E7261DB35DC40CF60

Function 00974523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00974648
VariantInit.OLEAUT32(?), ref: 00974749
VariantClear.OLEAUT32(?), ref: 00974753
VariantClear.OLEAUT32(?), ref: 009747B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 009745D8, 00974706, 009747BE
Incorrect Object type in FOR..IN loop, xrefs: 0097472C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 48e2d2e2d8711d54c96cd91c86b8b140b779d8716d35d70e9447b37e15eebec5
Instruction ID: 71481af862b8499c6e435c9f5b192de9e570409cb74a0395d843e5e9b0e25f6f
Opcode Fuzzy Hash: 48e2d2e2d8711d54c96cd91c86b8b140b779d8716d35d70e9447b37e15eebec5
Instruction Fuzzy Hash: 6E918272A00219AFDF24CFA4CC85FAEB7B8EF85714F108559F519AB281D7749941CFA0

Function 00961187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0096125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00961284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009612A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009612D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0096135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009613C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00961430

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 46fdc13df1eb0671e3131b0c2e90d9ec98873ba5fc425f0f2e506ce59a1ddda0
Instruction ID: a096c1adfdd7433a9fb7c69ef2c5b025ea651f6cc325b85b62de5cf09490e761
Opcode Fuzzy Hash: 46fdc13df1eb0671e3131b0c2e90d9ec98873ba5fc425f0f2e506ce59a1ddda0
Instruction Fuzzy Hash: 8B910671A002199FDB00DFA8C895BBEB7B9FF85314F18442AE551E72A1DB78E941CB90

Function 0090948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: ace39d7d03ff3974b0cf49ca27f1d5ec9aa1f44fc63a56a9f7cc6e8f042fe525
Instruction ID: 281b1a14e144e240985d3a68a60602cbbb9729168a736453c2f42cdfc86a1636
Opcode Fuzzy Hash: ace39d7d03ff3974b0cf49ca27f1d5ec9aa1f44fc63a56a9f7cc6e8f042fe525
Instruction Fuzzy Hash: 8B912871D04219EFCB14CFA9CC84AEEBBB8FF89320F148555E915B7292D378A941DB60

Function 00973947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0097396B
CharUpperBuffW.USER32(?,?), ref: 00973A7A
_wcslen.LIBCMT ref: 00973A8A
VariantClear.OLEAUT32(?), ref: 00973C1F

Part of subcall function 00960CDF: VariantInit.OLEAUT32(00000000), ref: 00960D1F
Part of subcall function 00960CDF: VariantCopy.OLEAUT32(?,?), ref: 00960D28
Part of subcall function 00960CDF: VariantClear.OLEAUT32(?), ref: 00960D34

Strings

Incorrect Parameter format, xrefs: 009739A6, 00973BA1
AUTOIT.ERROR, xrefs: 00973A80, 00973A85

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: f3200f442e1aac5daeb6c61b5057f62902fc046e2dc8433cff6368711a828421
Instruction ID: 661d1b76638279b0e84d0fc1d687a9fe427cbe9e433731a87577d40bdc12d192
Opcode Fuzzy Hash: f3200f442e1aac5daeb6c61b5057f62902fc046e2dc8433cff6368711a828421
Instruction Fuzzy Hash: 099159766083059FC704DF28C48196AB7E8FF88314F14896DF9899B351DB30EE45DB92

Function 00974BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0095000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?,?,0095035E), ref: 0095002B
Part of subcall function 0095000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950046
Part of subcall function 0095000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950054
Part of subcall function 0095000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?), ref: 00950064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00974C51
_wcslen.LIBCMT ref: 00974D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00974DCF
CoTaskMemFree.OLE32(?), ref: 00974DDA

Strings

NULL Pointer assignment, xrefs: 00974E23, 00974E52

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 14adb46929361e208087a7a7dd161bae3883c218010359327121683771c2e735
Instruction ID: c6ad0118e245cfbd5b8562b72534233e4b789df7b13f2c74fa1a26f4041f1a3e
Opcode Fuzzy Hash: 14adb46929361e208087a7a7dd161bae3883c218010359327121683771c2e735
Instruction Fuzzy Hash: F2912972D0021D9FDF14DFA4C891AEEB7B8FF48310F108569E919A7291EB749A44CFA1

Function 009820FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00982183
GetMenuItemCount.USER32(00000000), ref: 009821B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009821DD
_wcslen.LIBCMT ref: 00982213
GetMenuItemID.USER32(?,?), ref: 0098224D
GetSubMenu.USER32(?,?), ref: 0098225B

Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009822E3

Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 38458c90cb7f9ce0ba0a2e0c0ac0d4d49ae2d314082c84bf5687e0f87f35c78a
Instruction ID: 4441c74b5e59ab24a611edc0fba0db383cd6cff8993eb76870757437c9687b38
Opcode Fuzzy Hash: 38458c90cb7f9ce0ba0a2e0c0ac0d4d49ae2d314082c84bf5687e0f87f35c78a
Instruction Fuzzy Hash: D5716175E04205AFCB14EF68C845AAEB7F5FF88310F148469E926EB351DB34EE418B90

Function 00987E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01244B70), ref: 00987F37
IsWindowEnabled.USER32(01244B70), ref: 00987F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0098801E
SendMessageW.USER32(01244B70,000000B0,?,?), ref: 00988051
IsDlgButtonChecked.USER32(?,?), ref: 00988089
GetWindowLongW.USER32(01244B70,000000EC), ref: 009880AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009880C3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 9d4b3ff612027d2882105cbc6780fa8d87cde4ac03b88399b53ff1579625022d
Instruction ID: 09deac6796d89867e9e5fcf621bd50774ce4dab73c48b91b69bcad7befd59182
Opcode Fuzzy Hash: 9d4b3ff612027d2882105cbc6780fa8d87cde4ac03b88399b53ff1579625022d
Instruction Fuzzy Hash: 4971A174608204AFEB21AF95CC84FEABBB9FF0A300F644459FA5597361CB31E845DB20

Function 0095AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0095AEF9
GetKeyboardState.USER32(?), ref: 0095AF0E
SetKeyboardState.USER32(?), ref: 0095AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 0095AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 0095AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 0095AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0095B020

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: b9e6bd95a47b0fa520526137075c9f31be475e73a110a5cda6f8116b93446c81
Instruction ID: ca840f61417bb29cb5f4e09d4296d843e3da2f96e461163e128b742894cb97c9
Opcode Fuzzy Hash: b9e6bd95a47b0fa520526137075c9f31be475e73a110a5cda6f8116b93446c81
Instruction Fuzzy Hash: 4D5113A06043D13DFB32C236CC05BBABEAD5B06305F088589E9E9554C2D3E8ACCCD361

Function 0095ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0095AD19
GetKeyboardState.USER32(?), ref: 0095AD2E
SetKeyboardState.USER32(?), ref: 0095AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0095ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0095ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0095AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0095AE38

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 18a70cca912b2076da9145dd31520dbd2b38c08809d139d3409eb662ebd22aae
Instruction ID: 612c9e5cd54516d9eb4ec7e1ccbaa670ceea86085459387fc182679d431abbc2
Opcode Fuzzy Hash: 18a70cca912b2076da9145dd31520dbd2b38c08809d139d3409eb662ebd22aae
Instruction Fuzzy Hash: 345106A15047D53DFB32D3368C46B7ABEAC6B45302F088688E9D5568C2D294EC8CD76A

Function 0092542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00933CD6,?,?,?,?,?,?,?,?,00925BA3,?,?,00933CD6,?,?), ref: 00925470
__fassign.LIBCMT ref: 009254EB
__fassign.LIBCMT ref: 00925506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00933CD6,00000005,00000000,00000000), ref: 0092552C
WriteFile.KERNEL32(?,00933CD6,00000000,00925BA3,00000000,?,?,?,?,?,?,?,?,?,00925BA3,?), ref: 0092554B
WriteFile.KERNEL32(?,?,00000001,00925BA3,00000000,?,?,?,?,?,?,?,?,?,00925BA3,?), ref: 00925584

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: c69c724e54c61ad0123b2c4272a39fd0397413b70eed2579c9d868c142372a87
Instruction ID: 3a099b94e60daba90bf7d6b3bd24adb7a122de48d736ad83f2192adcc280d31d
Opcode Fuzzy Hash: c69c724e54c61ad0123b2c4272a39fd0397413b70eed2579c9d868c142372a87
Instruction Fuzzy Hash: 945102B0A00619AFCB10CFA8E885EEEBBF9EF09300F15451AF955E3295D730DA41CB60

Function 00912D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00912D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00912D53
_ValidateLocalCookies.LIBCMT ref: 00912DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00912E0C
_ValidateLocalCookies.LIBCMT ref: 00912E61

Strings

csm, xrefs: 00912DF6

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 23cfc0ff1033959af9e0e92ca12dae0f32bd9b578e958691d50c73b4390a0495
Instruction ID: 2f2f2ff612e32a9d4c8f0bf3e3badc4311c9426041206dd0cbb582e2552fcbc1
Opcode Fuzzy Hash: 23cfc0ff1033959af9e0e92ca12dae0f32bd9b578e958691d50c73b4390a0495
Instruction Fuzzy Hash: 91418634B0020DAFCF10EF68D845ADEBBB9BF85324F148155E9146B392D7359AA5CBD0

Function 009710B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0097304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
Part of subcall function 0097304E: _wcslen.LIBCMT ref: 0097309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00971112
WSAGetLastError.WSOCK32 ref: 00971121
WSAGetLastError.WSOCK32 ref: 009711C9
closesocket.WSOCK32(00000000), ref: 009711F9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: c5f1322027ba131a7d015e6f0a10ef8d931083eb81b1fd76fa31d3ebcf5aed78
Instruction ID: 3ae8f63c0ddca9f1c8e0e95299644bf5aed39a0714d734ea0a5583fbc7b1d1bb
Opcode Fuzzy Hash: c5f1322027ba131a7d015e6f0a10ef8d931083eb81b1fd76fa31d3ebcf5aed78
Instruction Fuzzy Hash: 5041F472604208AFDB109F68C884BA9B7E9FF45324F54C059FD099F291C774EE41CBA1

Function 0095CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0095CF22,?), ref: 0095DDFD

Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0095CF22,?), ref: 0095DE16

lstrcmpiW.KERNEL32(?,?), ref: 0095CF45
MoveFileW.KERNEL32(?,?), ref: 0095CF7F
_wcslen.LIBCMT ref: 0095D005
_wcslen.LIBCMT ref: 0095D01B
SHFileOperationW.SHELL32(?), ref: 0095D061

Strings

\*.*, xrefs: 0095CFF3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 70ae34dafeee236eea7365c79bcea39b3486f8c22ceae0002445b0a4d933cc1f
Instruction ID: 56a8faed97b74e4d5bd5d41bf846ac15eb3018b96c5f71762c061adfb6a4e0d4
Opcode Fuzzy Hash: 70ae34dafeee236eea7365c79bcea39b3486f8c22ceae0002445b0a4d933cc1f
Instruction Fuzzy Hash: D24132B19452189FDF12EBA5D981BDEB7BDAF48381F1000E6E905EB141EA34A788CB50

Function 00982DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00982E1C
GetWindowLongW.USER32(?,000000F0), ref: 00982E4F
GetWindowLongW.USER32(?,000000F0), ref: 00982E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00982EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00982EE0
GetWindowLongW.USER32(?,000000F0), ref: 00982EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00982F0B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: df35f171fd128015c274745dc4596bd4577c8da929a86b318188032da50ed4d5
Instruction ID: 35c35ff9f65069b29bf8d455582e7429801d62a4cd2f8dd026f192026e6dc44f
Opcode Fuzzy Hash: df35f171fd128015c274745dc4596bd4577c8da929a86b318188032da50ed4d5
Instruction Fuzzy Hash: 4B310330618251AFDB21DF58EC84F6537E9EB9A710F150165F9018F3B2CB71A840EB59

Function 00957726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0095778F
SysAllocString.OLEAUT32(00000000), ref: 00957792
SysAllocString.OLEAUT32(?), ref: 009577B0
SysFreeString.OLEAUT32(?), ref: 009577B9
StringFromGUID2.OLE32(?,?,00000028), ref: 009577DE
SysAllocString.OLEAUT32(?), ref: 009577EC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: a1e9bc661d87fd0303647eb9888aea5365eeddd16eb58de388263ccca3a9e022
Instruction ID: 3f672bbb090f4276d3c571d3874a28ea5035920d8058df65fb77ae24d91f3960
Opcode Fuzzy Hash: a1e9bc661d87fd0303647eb9888aea5365eeddd16eb58de388263ccca3a9e022
Instruction Fuzzy Hash: 1D21B276608219AFDB10DFB9EC88DBBB3ACEB093647008425FD04DB2A0D670DE458770

Function 009577FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00957868
SysAllocString.OLEAUT32(00000000), ref: 0095786B
SysAllocString.OLEAUT32 ref: 0095788C
SysFreeString.OLEAUT32 ref: 00957895
StringFromGUID2.OLE32(?,?,00000028), ref: 009578AF
SysAllocString.OLEAUT32(?), ref: 009578BD

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 86eba7b6b077787f3e51a86ed0b7a404f2dfc2372539282e3d5c95a2a8df9494
Instruction ID: 01cbb6e44881c6766742231ac7a7a11d15f30d3eec81ab2f4762e229e0655785
Opcode Fuzzy Hash: 86eba7b6b077787f3e51a86ed0b7a404f2dfc2372539282e3d5c95a2a8df9494
Instruction Fuzzy Hash: CB218E71608214AFDB10DBF9ECCCDAAB7ACEB083607108125BA15CB2A1D674DD85CB74

Function 009604D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 009604F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0096052E

Strings

nul, xrefs: 00960567

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: f03b2ea2bb2bce183ed3d30bdc4dc216eaacd2857566aaa56e27231e86a983fc
Instruction ID: bfa4143063e4bd7b5672c19cc2f328c56b07a438d170a5f9fa5c0eb32b24c9e1
Opcode Fuzzy Hash: f03b2ea2bb2bce183ed3d30bdc4dc216eaacd2857566aaa56e27231e86a983fc
Instruction Fuzzy Hash: C1213DB5500305ABDB209F6ADC85A9B77A8BF85764F204A19F8A2D72E0E770D950DF20

Function 009605A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 009605C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00960601

Strings

nul, xrefs: 00960639

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: cc3e62af027eefe904a9209df36a2515d8e55153463d1de8f0c9235fd71b9034
Instruction ID: 1213766891961f17ce91161da1e36dacba3a76445fbc6fa4abf7c3e1fc406fbb
Opcode Fuzzy Hash: cc3e62af027eefe904a9209df36a2515d8e55153463d1de8f0c9235fd71b9034
Instruction Fuzzy Hash: CB215C75504305ABDB209F69DC84E9B77E8AFD5724F200B19F8A1E72E0E7B09960DB20

Function 009840AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
Part of subcall function 008F600E: GetStockObject.GDI32(00000011), ref: 008F6060
Part of subcall function 008F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00984112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0098411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0098412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00984139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00984145

Strings

Msctls_Progress32, xrefs: 009840E3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 511b771ba313b00004c8c6ac8de02131f76896b4bd4daecb99ff897819d04fdf
Instruction ID: fd30603ba4fe3b6c6896965ed756eef77324504b8bc4797eac8b4bea6f8b53be
Opcode Fuzzy Hash: 511b771ba313b00004c8c6ac8de02131f76896b4bd4daecb99ff897819d04fdf
Instruction Fuzzy Hash: EB1190B215421EBEEF119F64CC85EE77F5DEF18798F014110BA18A2190CA769C619BA4

Function 0092D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0092D7A3: _free.LIBCMT ref: 0092D7CC

_free.LIBCMT ref: 0092D82D

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 0092D838
_free.LIBCMT ref: 0092D843
_free.LIBCMT ref: 0092D897
_free.LIBCMT ref: 0092D8A2
_free.LIBCMT ref: 0092D8AD
_free.LIBCMT ref: 0092D8B8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 5cdbe740e155ba1a356e77a1eeb85c0129230c4a4adedec617b53f6ed88f4978
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: E21163B1542B24BAE521BFF0EC47FCB7BDC6F84700F800825B2D9A6096DA79B5454750

Function 0095DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0095DA74
LoadStringW.USER32(00000000), ref: 0095DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0095DA91
LoadStringW.USER32(00000000), ref: 0095DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0095DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0095DAB9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 195eb5812d757a6b0e14e239a12aaed64a61723f37713e29ca3d937e93f3ca3e
Instruction ID: 5c04258409668bb7a190b28a2edd23a02c44a1375b40b225d7764a3533c9dc16
Opcode Fuzzy Hash: 195eb5812d757a6b0e14e239a12aaed64a61723f37713e29ca3d937e93f3ca3e
Instruction Fuzzy Hash: C00186F25042087FF710EBA09D89EEB336CE708301F4008A2B746E2141E6749E844F74

Function 0096096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0123E018,0123E018), ref: 0096097B
EnterCriticalSection.KERNEL32(0123DFF8,00000000), ref: 0096098D
TerminateThread.KERNEL32(?,000001F6), ref: 0096099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 009609A9
CloseHandle.KERNEL32(?), ref: 009609B8
InterlockedExchange.KERNEL32(0123E018,000001F6), ref: 009609C8
LeaveCriticalSection.KERNEL32(0123DFF8), ref: 009609CF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 878a2d473d6005ede9c72f450aeb3386ed5bec82831ad0be972e3cc9dee5e622
Instruction ID: cbbb4d3f629f9b546afa37803013574779576df2d80ac0be0cdf248f1e2d59e4
Opcode Fuzzy Hash: 878a2d473d6005ede9c72f450aeb3386ed5bec82831ad0be972e3cc9dee5e622
Instruction Fuzzy Hash: 56F03C7245AA02BBD7415FA4EE8CBD6BB39FF41712F402025F202909E0C7749465EFA0

Function 00971C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00971DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00971DE1
WSAGetLastError.WSOCK32 ref: 00971DF2
htons.WSOCK32(?,?,?,?,?), ref: 00971EDB
inet_ntoa.WSOCK32(?), ref: 00971E8C

Part of subcall function 009539E8: _strlen.LIBCMT ref: 009539F2

Part of subcall function 00973224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0096EC0C), ref: 00973240

_strlen.LIBCMT ref: 00971F35

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: 926112745014e8cc123d069dd001c173e41bb0840c01b7431916662713ffe589
Instruction ID: a7f1104d28b0198f6a6c3f8324d09a27eddd989749c58d001dccfca7cf28a50b
Opcode Fuzzy Hash: 926112745014e8cc123d069dd001c173e41bb0840c01b7431916662713ffe589
Instruction Fuzzy Hash: BBB1B272204300AFC324DF28C895F2A77A9EF84318F54895CF55A9B2E2DB71ED45CB92

Function 008F5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 008F5D30
GetWindowRect.USER32(?,?), ref: 008F5D71
ScreenToClient.USER32(?,?), ref: 008F5D99
GetClientRect.USER32(?,?), ref: 008F5ED7
GetWindowRect.USER32(?,?), ref: 008F5EF8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 6983fa2bbae456822709a77e4f863215088b159c14288bfd19ab9fa63e5079de
Instruction ID: 3c46aba1d5a471c0db863ceb5f0451384b4772622b08686f5398840404bc5f1a
Opcode Fuzzy Hash: 6983fa2bbae456822709a77e4f863215088b159c14288bfd19ab9fa63e5079de
Instruction Fuzzy Hash: 27B16674A00A4ADBDB14CFB9C4807FAB7F1FF48310F14841AEAAAD7250DB34AA51DB50

Function 009201B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 009200BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009200D6
__allrem.LIBCMT ref: 009200ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0092010B
__allrem.LIBCMT ref: 00920122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00920140

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction ID: f90bbf64483802b422ce5b8c42c6bea03fec72bb6d183baa75f9ebf2fe7ece8c
Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction Fuzzy Hash: EF811472B0071A9BE7209F28EC51BAA73E9EFC1324F24453AF551D6392E7B0D9418B90

Function 009261FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,009182D9,009182D9,?,?,?,0092644F,00000001,00000001,8BE85006), ref: 00926258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0092644F,00000001,00000001,8BE85006,?,?,?), ref: 009262DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009263D8
__freea.LIBCMT ref: 009263E5

Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852

__freea.LIBCMT ref: 009263EE
__freea.LIBCMT ref: 00926413

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 81c730aec32c7232a4c52f6a3555b1fc337283f9646b18615368ffa2f02b9a93
Instruction ID: 0103a9617c314935163872ab867940707f544f4353615e36eb17a403309898d9
Opcode Fuzzy Hash: 81c730aec32c7232a4c52f6a3555b1fc337283f9646b18615368ffa2f02b9a93
Instruction Fuzzy Hash: 9851E172A00226ABEB259F64FC81FBF77A9EF84710F154669FC05D6598EB34DC40C6A0

Function 0097BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097BD25
RegCloseKey.ADVAPI32(00000000), ref: 0097BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0097BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0097BDF3
RegCloseKey.ADVAPI32(?), ref: 0097BDFF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: cd18880ac46079d6ba9ecdedd91be880d416dc99e62764343907ec4c8efa56f3
Instruction ID: e29d11daabeb0889534e06fead5d4530b5211be2d2a6f8a3cfc3c86ea613aea6
Opcode Fuzzy Hash: cd18880ac46079d6ba9ecdedd91be880d416dc99e62764343907ec4c8efa56f3
Instruction Fuzzy Hash: D1819171218241AFD714DF24C895F2ABBE9FF84308F14895CF5998B2A2DB31ED45CB92

Function 0094F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 0094F7B9
SysAllocString.OLEAUT32(00000001), ref: 0094F860
VariantCopy.OLEAUT32(0094FA64,00000000), ref: 0094F889
VariantClear.OLEAUT32(0094FA64), ref: 0094F8AD
VariantCopy.OLEAUT32(0094FA64,00000000), ref: 0094F8B1
VariantClear.OLEAUT32(?), ref: 0094F8BB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 67093644b090e6545a4c66470bcf8631186d2a4e73b2e99cfb8d1b8c4a2ab50c
Instruction ID: 07de1a8ae24c5d4eccf627ec0115ad90fff2b717dd4281c8bb161c713d4f2431
Opcode Fuzzy Hash: 67093644b090e6545a4c66470bcf8631186d2a4e73b2e99cfb8d1b8c4a2ab50c
Instruction Fuzzy Hash: DC51D735A10312BADF24AB75D8A5F39B3A8EF85310F249867E906DF291DB748C40C767

Function 0096910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 009694E5
_wcslen.LIBCMT ref: 00969506
_wcslen.LIBCMT ref: 0096952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00969585

Strings

X, xrefs: 00969412

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 08502957145929606f9fe2dded0a7fc87468710b7793424383fd44633fdedea2
Instruction ID: 4fe25ee7eb13c5b1c3294bb044931c25abbebc943ae09498465a5752d67e8d60
Opcode Fuzzy Hash: 08502957145929606f9fe2dded0a7fc87468710b7793424383fd44633fdedea2
Instruction Fuzzy Hash: E8E1A0316083018FD724DF28C491A6AB7E8FF85314F14896DF9999B3A2EB31DD05CB92

Function 0090920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

BeginPaint.USER32(?,?,?), ref: 00909241
GetWindowRect.USER32(?,?), ref: 009092A5
ScreenToClient.USER32(?,?), ref: 009092C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009092D3
EndPaint.USER32(?,?,?,?,?), ref: 00909321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009471EA

Part of subcall function 00909339: BeginPath.GDI32(00000000), ref: 00909357

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 60dad5976a6444380c898945cef23b0004c035263f059b6fd271b92f36f1e1f3
Instruction ID: 4760c520e927ad40edd75b3296fdcbad2174fae70149f17aeab5814c232535ae
Opcode Fuzzy Hash: 60dad5976a6444380c898945cef23b0004c035263f059b6fd271b92f36f1e1f3
Instruction Fuzzy Hash: AD41AF70508305AFD721DF64DC94FBA7BB8EF8A760F140629F9A4872E2C7319845EB61

Function 009607EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0096080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00960847
EnterCriticalSection.KERNEL32(?), ref: 00960863
LeaveCriticalSection.KERNEL32(?), ref: 009608DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009608F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00960921

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: c1b497e8e434da5543c8963fc256e552cc903f3d4990fd15f1a07c3805b96b3d
Instruction ID: f7164a32e53687f1d47b080cd37f54a7a1536510249867a339cd6c0f2175c45b
Opcode Fuzzy Hash: c1b497e8e434da5543c8963fc256e552cc903f3d4990fd15f1a07c3805b96b3d
Instruction Fuzzy Hash: 87414871A00205EFDF14EF54DCC5AAA77B9FF84310F1440A9ED049A296DB31DE65DBA0

Function 009881DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0094F3AB,00000000,?,?,00000000,?,0094682C,00000004,00000000,00000000), ref: 0098824C
EnableWindow.USER32(?,00000000), ref: 00988272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 009882D1
ShowWindow.USER32(?,00000004), ref: 009882E5
EnableWindow.USER32(?,00000001), ref: 0098830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0098832F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: d1852695603a934df4a23bfc07657bf0d03355debf56d6da56dae4d3e9b7f5a0
Instruction ID: aed667a52c837a04af7b4b89e7df9e2b4449cb3a76edf7b1a6b74dfb6fac90c0
Opcode Fuzzy Hash: d1852695603a934df4a23bfc07657bf0d03355debf56d6da56dae4d3e9b7f5a0
Instruction Fuzzy Hash: E241F234605600AFDB26EF14D899FE57BE4FB0A754F5802A9F5198B3A3CB31A841CB60

Function 00954C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00954C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00954CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00954CEA
_wcslen.LIBCMT ref: 00954D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00954D10
_wcsstr.LIBVCRUNTIME ref: 00954D1A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 24a17784cf67d7b89f7ba895597f9620f4ef9e3cd64fa06223b6a23b8df4af65
Instruction ID: 0934257a437144a5f74953f585c6ff81771af3998834fae03b8561801788fc95
Opcode Fuzzy Hash: 24a17784cf67d7b89f7ba895597f9620f4ef9e3cd64fa06223b6a23b8df4af65
Instruction Fuzzy Hash: 71212972204201BBEB659B36DC09E7B7BACDF85754F104039FC05CA1D1EA71DD8497A0

Function 0096581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 008F3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008F3A97,?,?,008F2E7F,?,?,?,00000000), ref: 008F3AC2

_wcslen.LIBCMT ref: 0096587B
CoInitialize.OLE32(00000000), ref: 00965995
CoCreateInstance.OLE32(0098FCF8,00000000,00000001,0098FB68,?), ref: 009659AE
CoUninitialize.OLE32 ref: 009659CC

Strings

.lnk, xrefs: 00965876, 009658C1, 00965985

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: bac7ae4231a90deefdba523286a3ee7d5a5d6d433ab8b081034d08b306a88da6
Instruction ID: 404b56ef5ad787b20868390ae14679673c121f2ac968137f641fb3f7b6a1b728
Opcode Fuzzy Hash: bac7ae4231a90deefdba523286a3ee7d5a5d6d433ab8b081034d08b306a88da6
Instruction Fuzzy Hash: 3BD160716087059FC714DF28C480A2ABBE5FF89724F16885DF88A9B361DB31ED45CB92

Function 0095175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00950FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00950FCA
Part of subcall function 00950FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00950FD6
Part of subcall function 00950FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00950FE5
Part of subcall function 00950FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00950FEC
Part of subcall function 00950FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00951002

GetLengthSid.ADVAPI32(?,00000000,00951335), ref: 009517AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 009517BA
HeapAlloc.KERNEL32(00000000), ref: 009517C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 009517DA
GetProcessHeap.KERNEL32(00000000,00000000,00951335), ref: 009517EE
HeapFree.KERNEL32(00000000), ref: 009517F5

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 40de2a292a9f0e3280ec14e837c43f84cf77a224d1d42e0146e5c1640986acc9
Instruction ID: b49b304d5babd192c2819bc025382b16a2bd0d1b1c1ea484e4068e43acb78e3a
Opcode Fuzzy Hash: 40de2a292a9f0e3280ec14e837c43f84cf77a224d1d42e0146e5c1640986acc9
Instruction Fuzzy Hash: 3411BE71514205FFDB10DFA9CC89BAE7BADEB49356F104118F842A7210C735A948DB60

Function 009514CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009514FF
OpenProcessToken.ADVAPI32(00000000), ref: 00951506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00951515
CloseHandle.KERNEL32(00000004), ref: 00951520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0095154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00951563

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 0c19ef74d1de1d215b3590ed0fafcb25247fde387e3bf605457b2d4ec482a77e
Instruction ID: aa273b5712318b75fc69d50f649fed27a947487b55fb00feac49d18098a17c9e
Opcode Fuzzy Hash: 0c19ef74d1de1d215b3590ed0fafcb25247fde387e3bf605457b2d4ec482a77e
Instruction Fuzzy Hash: AD1189B2204209ABDF11CFA8ED09FDE3BADEF48745F044025FE05A2160D3758E65EB60

Function 00913382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00913379,00912FE5), ref: 00913390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0091339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009133B7
SetLastError.KERNEL32(00000000,?,00913379,00912FE5), ref: 00913409

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 1e71c2d173f2d1b4a3c060dc1b9ba66c8840f6074ff3af814072d028ef41d9ca
Instruction ID: a823b491f5629116b64edc4ace8460f6441b792254fa0aac840dd7d2ffc05fb9
Opcode Fuzzy Hash: 1e71c2d173f2d1b4a3c060dc1b9ba66c8840f6074ff3af814072d028ef41d9ca
Instruction Fuzzy Hash: 62014C7331C719BEEA143BB47D866E72A78DB45375320832AF420842F0EF114D836558

Function 00922D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00925686,00933CD6,?,00000000,?,00925B6A,?,?,?,?,?,0091E6D1,?,009B8A48), ref: 00922D78
_free.LIBCMT ref: 00922DAB
_free.LIBCMT ref: 00922DD3
SetLastError.KERNEL32(00000000,?,?,?,?,0091E6D1,?,009B8A48,00000010,008F4F4A,?,?,00000000,00933CD6), ref: 00922DE0
SetLastError.KERNEL32(00000000,?,?,?,?,0091E6D1,?,009B8A48,00000010,008F4F4A,?,?,00000000,00933CD6), ref: 00922DEC
_abort.LIBCMT ref: 00922DF2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 5d5d0948a878205cfcef6bdea9c3252ce6cafc1d613f15f1ecd00247d78512db
Instruction ID: f86680b32435d6b1b49a02c3dc62932437b6cda95d1f5c6a1a8233ef654604f7
Opcode Fuzzy Hash: 5d5d0948a878205cfcef6bdea9c3252ce6cafc1d613f15f1ecd00247d78512db
Instruction Fuzzy Hash: A0F0C87650963077C2123738BC06F5A265DAFC27B1F254519F825962DEEE3488025270

Function 00988A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00909639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096A2
Part of subcall function 00909639: BeginPath.GDI32(?), ref: 009096B9
Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00988A4E
LineTo.GDI32(?,00000003,00000000), ref: 00988A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00988A70
LineTo.GDI32(?,00000000,00000003), ref: 00988A80
EndPath.GDI32(?), ref: 00988A90
StrokePath.GDI32(?), ref: 00988AA0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 7dfa47f827cf1b39b844efc346a270fc57c6cd037d3ea83a4091b9e6de7272e2
Instruction ID: 71cf376f92b9b356c7762f7f96b2da83d756f9a8bb28be5355338e64f6f8efe7
Opcode Fuzzy Hash: 7dfa47f827cf1b39b844efc346a270fc57c6cd037d3ea83a4091b9e6de7272e2
Instruction Fuzzy Hash: 2A11C97640410DFFDF129F94DC88EAA7F6DEB09394F048012FA199A2A1C7719D55EBB0

Function 009551FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00955218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00955229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00955230
ReleaseDC.USER32(00000000,00000000), ref: 00955238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0095524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00955261

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: a15fb714d821d9daf586620b18e8fe26adec4d34aa88974722dfa91575fd46ca
Instruction ID: 1cfdf76f5d724a3ab18082eb5d282bcd4c523530a0b9b39bf6989218b931050a
Opcode Fuzzy Hash: a15fb714d821d9daf586620b18e8fe26adec4d34aa88974722dfa91575fd46ca
Instruction Fuzzy Hash: C6014FB5A04719BBEB109BB69C49E5EBFB8EF48751F044065FA04E7381DA709804DBA0

Function 008F1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 008F1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 008F1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 008F1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 008F1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 008F1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 008F1C22

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: a327a6adff243f5cce4d78ea5385ce8f83f9955b9b05ac05cd042659000e2479
Instruction ID: fc8ab292dd90bc0ef89a85e46d3900dee26a0b6fd52c54a2410405e6beb6eb44
Opcode Fuzzy Hash: a327a6adff243f5cce4d78ea5385ce8f83f9955b9b05ac05cd042659000e2479
Instruction Fuzzy Hash: 6F016CB090275A7DE3008F5A8C85B52FFA8FF19354F00411B915C47A41C7F5A864CBE5

Function 0095EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0095EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0095EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0095EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0095EB75

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 005d2aed1cfc04a551a6d0e6125cc0546101b03eb72e165e46cc1d86e98af5d1
Instruction ID: cff80cda1b770ac7879e6972043845e08c980ed2ee9508f85a4e9b57ef244b56
Opcode Fuzzy Hash: 005d2aed1cfc04a551a6d0e6125cc0546101b03eb72e165e46cc1d86e98af5d1
Instruction Fuzzy Hash: FCF030B2154159BBE72157529C4DEEF3A7CEFCAB11F000169F601D1291E7B05A01E7B5

Function 00947439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00947452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00947469
GetWindowDC.USER32(?), ref: 00947475
GetPixel.GDI32(00000000,?,?), ref: 00947484
ReleaseDC.USER32(?,00000000), ref: 00947496
GetSysColor.USER32(00000005), ref: 009474B0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 5c8d9e32304da0d536172f619630fd3610a7e31aeb1655edf47e5bb661e1e234
Instruction ID: 54ae2bdf0833ff4ee7de454e02939e3595bc1f7abdd83ac7eebb68741831da28
Opcode Fuzzy Hash: 5c8d9e32304da0d536172f619630fd3610a7e31aeb1655edf47e5bb661e1e234
Instruction Fuzzy Hash: 20014B71418219FFDB515FA4EC08FAABBB6FF04321F514564F916A22B1CB311E51AB60

Function 00951874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0095187F
UnloadUserProfile.USERENV(?,?), ref: 0095188B
CloseHandle.KERNEL32(?), ref: 00951894
CloseHandle.KERNEL32(?), ref: 0095189C
GetProcessHeap.KERNEL32(00000000,?), ref: 009518A5
HeapFree.KERNEL32(00000000), ref: 009518AC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 38b83d5f5620a1a2b5c4ae49214e369e90f24913305e76399262173c6cb5640f
Instruction ID: 1d3479600b10cb90f07c31dac0d1b05a7c62dac21417e77ed74f5c11211be0e5
Opcode Fuzzy Hash: 38b83d5f5620a1a2b5c4ae49214e369e90f24913305e76399262173c6cb5640f
Instruction Fuzzy Hash: 09E0E5B601C101BBDB015FA1ED0CD0ABF39FF49B22B108221F22681674CB329421FF60

Function 0095C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0095C6EE
_wcslen.LIBCMT ref: 0095C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0095C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0095C7CA

Strings

0, xrefs: 0095C6AF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: ece64f8c7f016545a6d7c00ea1687a7dc245309fbdb170a4a886e79f5c01ef4c
Instruction ID: ffcb0c55c2b5e67abdc3aebf014f92a079dd2562a3d51d63cc9ce70fa68fb183
Opcode Fuzzy Hash: ece64f8c7f016545a6d7c00ea1687a7dc245309fbdb170a4a886e79f5c01ef4c
Instruction Fuzzy Hash: D251DFB16043019FD720DF2AC884B6A77E8AB89311F040A2DFD95E36D1DB74D9088B96

Function 0097AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0097AEA3

Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625

GetProcessId.KERNEL32(00000000), ref: 0097AF38
CloseHandle.KERNEL32(00000000), ref: 0097AF67

Strings

<, xrefs: 0097AE6B
@, xrefs: 0097AE72

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 928d31db0f99b4f58ac699329cc11d752e6b4e7a77366e338dc24fa6e5f8afa6
Instruction ID: 08616e1da367323d002200085f388a26e110845e002b3c30fd174fb3192bdfe0
Opcode Fuzzy Hash: 928d31db0f99b4f58ac699329cc11d752e6b4e7a77366e338dc24fa6e5f8afa6
Instruction Fuzzy Hash: FB716C71A00619DFCB14DF68C484AAEBBF4FF48314F048499E85AAB392C774ED45CB91

Function 0095719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00957206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0095723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0095724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009572CF

Strings

DllGetClassObject, xrefs: 00957242

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: d0fdc213564dc6a15dc134052e0c1ae533fd915bd1f8250a69a9973fdf2e819a
Instruction ID: 865439876d309dc59b6acf20d6d467059b26e1c54e4596638f1e1d722bf165d1
Opcode Fuzzy Hash: d0fdc213564dc6a15dc134052e0c1ae533fd915bd1f8250a69a9973fdf2e819a
Instruction Fuzzy Hash: 8F4194B1604204EFDB15CF95D884B9ABBB9EF44311F1480ADBD199F20AD7B4DE49CBA0

Function 00983D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00983E35
IsMenu.USER32(?), ref: 00983E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00983E92
DrawMenuBar.USER32 ref: 00983EA5

Strings

0, xrefs: 00983D89

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 3762ac7d5610186092961b7ae76948d1acad4c213cfc2a99d307558931778828
Instruction ID: 7b7bf72d8471e4a8b319d1de9000351f9572d7a2aa663b48cf6a4ee4c02c30ea
Opcode Fuzzy Hash: 3762ac7d5610186092961b7ae76948d1acad4c213cfc2a99d307558931778828
Instruction Fuzzy Hash: 2A4159B5A10209AFDF10EF50D884EAABBB9FF49750F048029F906A7352D730AE40DF60

Function 00951DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00951E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00951E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00951EA9

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

Strings

ComboBox, xrefs: 00951DF0
ListBox, xrefs: 00951E25

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: e6e538c1eb02c2aff59f6af88225b96eb27745a39a6735b750276c57e43375e3
Instruction ID: cbc9c8a864a49ee56060d62fd1fcf24cbdae09b2bff251672e9fed3d78389261
Opcode Fuzzy Hash: e6e538c1eb02c2aff59f6af88225b96eb27745a39a6735b750276c57e43375e3
Instruction Fuzzy Hash: 82212671A00108AEDB14AB76DC46EFFB7B9EF81364B104529FC21E32E0DB384A0D9720

Function 00982F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00982F8D
LoadLibraryW.KERNEL32(?), ref: 00982F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00982FA9
DestroyWindow.USER32(?), ref: 00982FB1

Strings

SysAnimate32, xrefs: 00982F68

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 4a6d3b1d96c4e188c5e47251840b092d3dd4e135fc01171174095af41398d34c
Instruction ID: bd93dd26cfa7b7d352b2d08a8f87682cb6737393de568fe83d239185db33e7b6
Opcode Fuzzy Hash: 4a6d3b1d96c4e188c5e47251840b092d3dd4e135fc01171174095af41398d34c
Instruction Fuzzy Hash: 62216A71214209ABEB106FA4DC84EBB77BDEF99364F104628FA50D62A0D771DC91E760

Function 00914D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00914D1E,009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002), ref: 00914D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00914DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00914D1E,009228E9,?,00914CBE,009228E9,009B88B8,0000000C,00914E15,009228E9,00000002,00000000), ref: 00914DC3

Strings

mscoree.dll, xrefs: 00914D86
CorExitProcess, xrefs: 00914D98

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: e0e50d9267d8b97bbc391e1555ac134709087a5041dc3173145b9c58ecf029b4
Instruction ID: 8b006e1c5d6679c114af209c75110e5985cda9d992076b85c3ff0c81c445c140
Opcode Fuzzy Hash: e0e50d9267d8b97bbc391e1555ac134709087a5041dc3173145b9c58ecf029b4
Instruction Fuzzy Hash: E3F0A47465420CBBDF105F94DC49BDDBBB8EF84712F000054F905A2290CB305980DB90

Function 008F4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008F4EAE
FreeLibrary.KERNEL32(00000000,?,?,008F4EDD,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4EC0

Strings

kernel32.dll, xrefs: 008F4E94
Wow64DisableWow64FsRedirection, xrefs: 008F4EA8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 356ab0715f1260a098e6d94c7fa12aa2ef23b967beaa597bf64af929de5793f3
Instruction ID: a6cf9f1d1beb4c3d305bffa354c38f7ef104590e140c8795903e2b59f975c2de
Opcode Fuzzy Hash: 356ab0715f1260a098e6d94c7fa12aa2ef23b967beaa597bf64af929de5793f3
Instruction Fuzzy Hash: 38E04676A1AA225BD3221A25AC5CA6B6658BF81B72B050116BA04E2300DBB0C90592B0

Function 008F4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008F4E74
FreeLibrary.KERNEL32(00000000,?,?,00933CDE,?,009C1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 008F4E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 008F4E6E
kernel32.dll, xrefs: 008F4E5B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: fec1ed4ea0937f9e58e635e20f5075c80ac058848849940eb46fec566bb71b10
Instruction ID: 08361d6a6b6f3287b5b400fa7e7f2b660ac15a11510cec4d4b340dca93eca06f
Opcode Fuzzy Hash: fec1ed4ea0937f9e58e635e20f5075c80ac058848849940eb46fec566bb71b10
Instruction Fuzzy Hash: 5AD0C23151AA2157C7321B34BC0CE9B2A18FF81F353950212BA04E2210CF70CD05D3F0

Function 00962947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962C05
DeleteFileW.KERNEL32(?), ref: 00962C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00962C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00962CC0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 0eec2cbb9c3e88000e7eb0f157ec07428727a1740fe7db1cc58c8a9a88965f93
Instruction ID: 674c27f5787e3bfb2fc46e2db0a0cd0b73babbbd848b3451c43beb097c378aa0
Opcode Fuzzy Hash: 0eec2cbb9c3e88000e7eb0f157ec07428727a1740fe7db1cc58c8a9a88965f93
Instruction Fuzzy Hash: 5FB16D72E0051DABDF21DBA4CC85EEEB7BDEF89350F1040A6F609E6151EB349A448F61

Function 0097A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0097A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0097A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0097A468
CloseHandle.KERNEL32(?), ref: 0097A63D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 4a3df05fc29f9e3ab2a15f84bd0bf2912208c441bdd72f77ffbde78675ede07f
Instruction ID: 6ebac164c5ae87270a4b2321b0b9284d76b8148b3dd5f4fb3a04e000a62e9209
Opcode Fuzzy Hash: 4a3df05fc29f9e3ab2a15f84bd0bf2912208c441bdd72f77ffbde78675ede07f
Instruction Fuzzy Hash: 2FA16D716043019FD720DF28C886B2AB7E5EF84714F14885DFA5ADB2D2DBB1ED418B92

Function 0092BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00993700), ref: 0092BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,009C121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0092BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,009C1270,000000FF,?,0000003F,00000000,?), ref: 0092BC36
_free.LIBCMT ref: 0092BB7F

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 0092BD4B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: e972c1748526a32a8ef0499d3ee8c42489cf3c1fb6f6342aebd242db063252bc
Instruction ID: 24e4722fe85472243df1d8a004de9825e139248cf2f258c9a5de03d9efa2989e
Opcode Fuzzy Hash: e972c1748526a32a8ef0499d3ee8c42489cf3c1fb6f6342aebd242db063252bc
Instruction Fuzzy Hash: 0B510B75D04229AFCB14EF69EC81EAEB7FCEF85310B10426AE564D7299EB309D409B50

Function 0095E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0095CF22,?), ref: 0095DDFD

Part of subcall function 0095DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0095CF22,?), ref: 0095DE16

Part of subcall function 0095E199: GetFileAttributesW.KERNEL32(?,0095CF95), ref: 0095E19A

lstrcmpiW.KERNEL32(?,?), ref: 0095E473
MoveFileW.KERNEL32(?,?), ref: 0095E4AC
_wcslen.LIBCMT ref: 0095E5EB
_wcslen.LIBCMT ref: 0095E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0095E650

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: e510dd648590229afb81e6dee36efdf69ad5daadddb5fe59e853089e494392de
Instruction ID: 842fde59f06054babe50798a900d8808f76b87dc14a059eacaba1bf4368b1400
Opcode Fuzzy Hash: e510dd648590229afb81e6dee36efdf69ad5daadddb5fe59e853089e494392de
Instruction Fuzzy Hash: BA5174B25083455BC728DBA5D881ADB73ECAFC4341F00491EFA89D3191EF75A68C8766

Function 0097B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 0097C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0097B6AE,?,?), ref: 0097C9B5
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097C9F1
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA68
Part of subcall function 0097C998: _wcslen.LIBCMT ref: 0097CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0097BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0097BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0097BB63
RegCloseKey.ADVAPI32(?,?), ref: 0097BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0097BBB3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: e605a04c29b4858bfbc95c8a809e9d57c3c1c2c75b17c35c97c088083bd7424e
Instruction ID: 8d0ffd2f7aa837d65d2a14e06b25eacfdf19d11595c702f5d575d35a3fbd3c16
Opcode Fuzzy Hash: e605a04c29b4858bfbc95c8a809e9d57c3c1c2c75b17c35c97c088083bd7424e
Instruction Fuzzy Hash: 6661B371208205AFD714DF24C491F2ABBE9FF84348F14896DF4998B292DB31ED45CB92

Function 00958BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00958BCD
VariantClear.OLEAUT32 ref: 00958C3E
VariantClear.OLEAUT32 ref: 00958C9D
VariantClear.OLEAUT32(?), ref: 00958D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00958D3B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 6c657a4d7bba52d77d86c38485ea12ac120842d678746c4efbc5625d22bae88e
Instruction ID: 2abda499af84758aee012a2c709e3e453d06702476f69effb7ae2472510189c3
Opcode Fuzzy Hash: 6c657a4d7bba52d77d86c38485ea12ac120842d678746c4efbc5625d22bae88e
Instruction Fuzzy Hash: 04516AB5A10219EFCB10CF69C884AAAB7F9FF89310B158559E905EB350E730E911CFA0

Function 00968AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00968BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00968BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00968C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00968C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00968C5F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 941b356c3a265d0201a068f16bf75a8d4341abcd1ae5c8babd048b83457225ea
Instruction ID: 033a8e456563b8f4f748e151e766854b13e76cc679aae46a57459cc3ae2a6632
Opcode Fuzzy Hash: 941b356c3a265d0201a068f16bf75a8d4341abcd1ae5c8babd048b83457225ea
Instruction Fuzzy Hash: 4E516C35A002199FDB10DF64C880E6EBBF5FF48314F088458E949AB3A2DB35ED45DBA1

Function 00978EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00978F40
GetProcAddress.KERNEL32(00000000,?), ref: 00978FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00978FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00979032
FreeLibrary.KERNEL32(00000000), ref: 00979052

Part of subcall function 0090F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00961043,?,7644E610), ref: 0090F6E6
Part of subcall function 0090F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0094FA64,00000000,00000000,?,?,00961043,?,7644E610,?,0094FA64), ref: 0090F70D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 67c6dc2e70cd8c109929aa0752abe48fd13571d3e537103661582333d83a3dd9
Instruction ID: 7f4ec7f1caf4883287cbf00150346c94b65f77f7d1a4e0940e565c429c5bff41
Opcode Fuzzy Hash: 67c6dc2e70cd8c109929aa0752abe48fd13571d3e537103661582333d83a3dd9
Instruction Fuzzy Hash: ED513835605209DFCB11DF68C494DADBBB5FF49314B0480A9E90A9B362DB31ED86CB91

Function 00986B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00986C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00986C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00986C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0096AB79,00000000,00000000), ref: 00986C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00986CC7

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: a29522c3282bee4116bf7d929874f0f8021e908342b6203ebae5ec42b70cb5c0
Instruction ID: e3f7be86c25db949c55ef003dde161b29b549cdd77504326384c2b7b77df84ab
Opcode Fuzzy Hash: a29522c3282bee4116bf7d929874f0f8021e908342b6203ebae5ec42b70cb5c0
Instruction Fuzzy Hash: 0A41A275A08104AFDB24EF28CC54FA57BA9EB09350F140628FA95AB3A1C371ED41DB50

Function 00922051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 009220C3
_free.LIBCMT ref: 009220E3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: f6e49efe289b0dcd18b17072f6c1980b33f18cebb00fe6ca67c32637aa78bb29
Instruction ID: 32810ad49fe2be3daf3d59429027993e362e66d908f6dbb012e06e64251156f2
Opcode Fuzzy Hash: f6e49efe289b0dcd18b17072f6c1980b33f18cebb00fe6ca67c32637aa78bb29
Instruction Fuzzy Hash: 5D41F676A00210AFCB24DF78D981A5DB7F5EF89314F154568E615EB396DB31ED01CB80

Function 0090912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00909141
ScreenToClient.USER32(00000000,?), ref: 0090915E
GetAsyncKeyState.USER32(00000001), ref: 00909183
GetAsyncKeyState.USER32(00000002), ref: 0090919D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 7e3e3ef9b9bd65b8e8c5b8379432ffd8d24021625088f8ca1bf184f3cd48ff7f
Instruction ID: 93d877efa8da3756d8d03ce887d040d78b5b2187a1340deb29fdb6b09f0449c2
Opcode Fuzzy Hash: 7e3e3ef9b9bd65b8e8c5b8379432ffd8d24021625088f8ca1bf184f3cd48ff7f
Instruction Fuzzy Hash: E4414C71A0C60ABFDF199FA4C844BEEB774FB49324F208615E425A62D1C7346950DB91

Function 00963874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 009638CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00963922
TranslateMessage.USER32(?), ref: 0096394B
DispatchMessageW.USER32(?), ref: 00963955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00963966

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 5683a3ba4275cba65b6b320124d6b317dd9a64c9b6d62945e0ce478b187d6cef
Instruction ID: b91117c0b4db8fcd6639e44824e17de2526fcd273356271d302f5ef2297c469e
Opcode Fuzzy Hash: 5683a3ba4275cba65b6b320124d6b317dd9a64c9b6d62945e0ce478b187d6cef
Instruction Fuzzy Hash: 3831977091C382DFEB39CB35D848FB637ACEB06304F14856DE452821A1E7B49A85EF21

Function 0096CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 0096CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,0096C21E,00000000), ref: 0096CFF2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 4ef373b777f00d7c80e01086bd940f851f9abfc56489e977d9031446048142ce
Instruction ID: 3df1bf5e7d6d0b08fa4a7fe0437003e3404a34a026a78361eaf3af80ce5060d1
Opcode Fuzzy Hash: 4ef373b777f00d7c80e01086bd940f851f9abfc56489e977d9031446048142ce
Instruction Fuzzy Hash: 53315CB1604205EFDB20DFA5D884ABBBBFDEB54351B10442EF556D2241DB34EE41DBA0

Function 00951901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00951915
PostMessageW.USER32(00000001,00000201,00000001), ref: 009519C1
Sleep.KERNEL32(00000000,?,?,?), ref: 009519C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 009519DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 009519E2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: c167b0110a62adcd76fe9bf26025381423dde2194a52981a5ed1f4fd1d67f1a0
Instruction ID: a218e045c33333a644fe106cd7db929c677f89d7065d5e5d187fc54a88b89c6e
Opcode Fuzzy Hash: c167b0110a62adcd76fe9bf26025381423dde2194a52981a5ed1f4fd1d67f1a0
Instruction Fuzzy Hash: 5531C071A04219EFCB00CFA9DDA9BDE7BB5EB44316F104229FD21A72D1C7709948DBA0

Function 00985706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00985745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0098579D
_wcslen.LIBCMT ref: 009857AF
_wcslen.LIBCMT ref: 009857BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00985816

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 6631b6bc0887d3f7ab496b57c52c82e2fd206b3d6b91b096c3df794e41530a29
Instruction ID: 8d6ef2dde9f79e295369ddada13f51fde0fa8f06dbd94c7a556148f48a683673
Opcode Fuzzy Hash: 6631b6bc0887d3f7ab496b57c52c82e2fd206b3d6b91b096c3df794e41530a29
Instruction Fuzzy Hash: CE21A5719146189ADF20AFA1CC84AEDB7BCFF44724F108216E929EA294D7748989CF50

Function 0090990C Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009098CC
SetTextColor.GDI32(?,?), ref: 009098D6
SetBkMode.GDI32(?,00000001), ref: 009098E9
GetStockObject.GDI32(00000005), ref: 009098F1
GetWindowLongW.USER32(?,000000EB), ref: 00909952

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 2c4316f8d7acc33cf92d249c1b9ad61c279feb9e0f667cb92fd1554792296f3e
Instruction ID: bd066b8c8501479550aaaa8fcc6e8cc687623391e48ad5e63f18d772c6d01c92
Opcode Fuzzy Hash: 2c4316f8d7acc33cf92d249c1b9ad61c279feb9e0f667cb92fd1554792296f3e
Instruction Fuzzy Hash: E32107715493509FC7228F34EC5DEEA3BA4AF53330B18426DE9A28A2E3C3311952DB50

Function 00970930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00970951
GetForegroundWindow.USER32 ref: 00970968
GetDC.USER32(00000000), ref: 009709A4
GetPixel.GDI32(00000000,?,00000003), ref: 009709B0
ReleaseDC.USER32(00000000,00000003), ref: 009709E8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 0da4a121a8aa107f6af78265044b5b625fd95cff72cce13a1e44cc19657a1161
Instruction ID: aaded5a7e0ba4562505f6fad48233ab18b16061a81ec7fb386a1840f0d3d27a5
Opcode Fuzzy Hash: 0da4a121a8aa107f6af78265044b5b625fd95cff72cce13a1e44cc19657a1161
Instruction Fuzzy Hash: 02216275600204EFD704EF69D984A6EBBE5FF88740F048468E94AD7351DB70AC44DB50

Function 0092CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0092CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0092CDE9

Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0092CE0F
_free.LIBCMT ref: 0092CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0092CE31

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 3e2516858737398fb9b20461449db299097f7e51898a349247a9c93f79da7aa5
Instruction ID: 2d6d8831caf73134e387f9570de7db9203e426b18e6e3504f5fc207da228d8ae
Opcode Fuzzy Hash: 3e2516858737398fb9b20461449db299097f7e51898a349247a9c93f79da7aa5
Instruction Fuzzy Hash: C901D4F26052357F632116B67C8CD7F6A6DDEC6BA13160129F905C7208EA718D0293B1

Function 00909639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
SelectObject.GDI32(?,00000000), ref: 009096A2
BeginPath.GDI32(?), ref: 009096B9
SelectObject.GDI32(?,00000000), ref: 009096E2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: c10fd0ca6dad42c7d066ae305b1a88c4c0158e427f1b2249aa049b2eccb31b9c
Instruction ID: 2989a4f3844f96aa29287f76321c15df37affefffc47032d9480784db2904502
Opcode Fuzzy Hash: c10fd0ca6dad42c7d066ae305b1a88c4c0158e427f1b2249aa049b2eccb31b9c
Instruction Fuzzy Hash: B6218E71C2A305EFDB119F64FC18BA97BA8BB42755F100216F410A71F2D3769891EFA8

Function 00955711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00955726
_memcmp.LIBVCRUNTIME ref: 00955744
_memcmp.LIBVCRUNTIME ref: 00955757
_memcmp.LIBVCRUNTIME ref: 0095576F
_memcmp.LIBVCRUNTIME ref: 00955787

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: f85df4892e1fc945362be07ba8a6812730615e0d23bb2612d79c591f8ef832b7
Instruction ID: a6c21e0711ed6d8596613dc17296ef0679de652b74404c14395c698df4c41f14
Opcode Fuzzy Hash: f85df4892e1fc945362be07ba8a6812730615e0d23bb2612d79c591f8ef832b7
Instruction Fuzzy Hash: E901B56174160DBBD208E5129DA2FFB735C9BA539AF124020FE189A246F760EE5583A0

Function 00922DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0091F2DE,00923863,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6), ref: 00922DFD
_free.LIBCMT ref: 00922E32
_free.LIBCMT ref: 00922E59
SetLastError.KERNEL32(00000000,008F1129), ref: 00922E66
SetLastError.KERNEL32(00000000,008F1129), ref: 00922E6F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 55402ffa181676f238221370f89edcf406933b10c8dffae9e5271193ae071f02
Instruction ID: 35385532abde35bcd4ee0a01f05626c09fc9d6a45bf19121dafea41bf75630f4
Opcode Fuzzy Hash: 55402ffa181676f238221370f89edcf406933b10c8dffae9e5271193ae071f02
Instruction Fuzzy Hash: C801287620963077C61267387C46E3F265DABD53B5B224539F425A22DEEF78CC017130

Function 0095000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?,?,0095035E), ref: 0095002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?), ref: 00950064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0094FF41,80070057,?,?), ref: 00950070

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 7677b58dabb199c201c0a56b5ea1a1549ce8ee607f44c389ddf3641f08aeee1e
Instruction ID: 237ae4d09a669cbe09e0938e0e390c9f1a8e68cae5795dcb2ee09883552ff000
Opcode Fuzzy Hash: 7677b58dabb199c201c0a56b5ea1a1549ce8ee607f44c389ddf3641f08aeee1e
Instruction Fuzzy Hash: 9301ADB2610208BFDB108F7AEC04BAA7AEDEF84792F144124FD05D2250E775DD44EBA0

Function 0095E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0095E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0095E9A5
Sleep.KERNEL32(00000000), ref: 0095E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0095E9B7
Sleep.KERNEL32 ref: 0095E9F3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: f66f3f05bdf41356161b5d79c5d1d8896b0bcf83372fc6598009ea329e4faec1
Instruction ID: 8612d23cfa773b05ab4f6c628adb319e775c4b73465da1bdc61ee221ff418b56
Opcode Fuzzy Hash: f66f3f05bdf41356161b5d79c5d1d8896b0bcf83372fc6598009ea329e4faec1
Instruction Fuzzy Hash: DE015B71C0992DDBCF04DBE6D8A96DDBB78BF09312F000546E912B2240DB359658DBA1

Function 009510F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00951114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 0095112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00950B9B,?,?,?), ref: 00951136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0095114D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: ddc16a73a4d9934c3e9786adebdaa60bbd9ab52de6a37ab8c8a1fac2494e18f6
Instruction ID: 312958ab65b7ce9201ddb91bc6d34f4630b7c44990a167de61a8cc158dd31d38
Opcode Fuzzy Hash: ddc16a73a4d9934c3e9786adebdaa60bbd9ab52de6a37ab8c8a1fac2494e18f6
Instruction Fuzzy Hash: E50169B5204605BFDB114FA5EC8DA6A3B6EEF893A1B210459FA41C3360DB31DC00AF70

Function 00950FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00950FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00950FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00950FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00950FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00951002

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 05dc642baa079505d1896cbe168a8578709f2198673c36c1d0970c209b5728da
Instruction ID: d44614f1bf37165b86b6e435cc61a42810b51cb8d45b5b8d61f2a182a577e7b6
Opcode Fuzzy Hash: 05dc642baa079505d1896cbe168a8578709f2198673c36c1d0970c209b5728da
Instruction Fuzzy Hash: 0DF0A9B5204301ABDB214FA5AC8DF563BADEF89762F500414FA06CA3A0CA30DC409B70

Function 00951014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0095102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00951036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0095104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951062

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: f84297416c9fc4c7e858ba5c1ddadd645984044e9494ead3ea0fd7eb2038e9c6
Instruction ID: baf3682b592b27c4ba79766cbd79b5062f32e2592f00e0229811729352517931
Opcode Fuzzy Hash: f84297416c9fc4c7e858ba5c1ddadd645984044e9494ead3ea0fd7eb2038e9c6
Instruction Fuzzy Hash: ADF049B5214311ABDB215FA5EC89F563BADEF89762F200415FA46CA390CA70D8409B70

Function 0096030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960324
CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960331
CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 0096033E
CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 0096034B
CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960358
CloseHandle.KERNEL32(?,?,?,?,0096017D,?,009632FC,?,00000001,00932592,?), ref: 00960365

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: a5faedbb953917f40f8bd14464a36135fb5a505c3098cd1ef28b3694dae35065
Instruction ID: 7bd0e89fce1596de5c5f8d6c0303f6ee166fb8f00914e98c18cecc1ce62e113b
Opcode Fuzzy Hash: a5faedbb953917f40f8bd14464a36135fb5a505c3098cd1ef28b3694dae35065
Instruction Fuzzy Hash: C3019C72800B159FCB31AF66D8C0813FBF9BEA02163158A3FD19652A31C3B1A959DF80

Function 0092D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0092D752

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 0092D764
_free.LIBCMT ref: 0092D776
_free.LIBCMT ref: 0092D788
_free.LIBCMT ref: 0092D79A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a6a4e89e33fc9abf51531943232a2e317a1f1c8a8344c686ed57a7ed2260a3c7
Instruction ID: 66b714df6f8f18e7a699d7a08d057454206196183bd17d896bcc71311c97567f
Opcode Fuzzy Hash: a6a4e89e33fc9abf51531943232a2e317a1f1c8a8344c686ed57a7ed2260a3c7
Instruction Fuzzy Hash: 9EF036B2559224BB9625EB64FBC5D1677DDBB487207E40D05F048D7509C734FCC09674

Function 00955C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00955C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00955C6F
MessageBeep.USER32(00000000), ref: 00955C87
KillTimer.USER32(?,0000040A), ref: 00955CA3
EndDialog.USER32(?,00000001), ref: 00955CBD

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 112560c5e030b766d397e598d55644a42dc849bc8d06f7606d734f23052861ac
Instruction ID: e9d3df6d0bfa99b6b5ae344b584773099459819a8750f3383f70ed760f5cf2c3
Opcode Fuzzy Hash: 112560c5e030b766d397e598d55644a42dc849bc8d06f7606d734f23052861ac
Instruction Fuzzy Hash: 05018B705147049BEB205B11DD5EFA577B8BF00706F010569A593A15E2E7F459489B50

Function 009222A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 009222BE

Part of subcall function 009229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000), ref: 009229DE
Part of subcall function 009229C8: GetLastError.KERNEL32(00000000,?,0092D7D1,00000000,00000000,00000000,00000000,?,0092D7F8,00000000,00000007,00000000,?,0092DBF5,00000000,00000000), ref: 009229F0

_free.LIBCMT ref: 009222D0
_free.LIBCMT ref: 009222E3
_free.LIBCMT ref: 009222F4
_free.LIBCMT ref: 00922305

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f982dc891758c0d3cfad26e07906f758837887e5d16d23d7d83ed850c249ddf3
Instruction ID: dffeb859a83b07a30fcb7ec0fb1d388e1d74fd8db7663f4d1a7498515183c410
Opcode Fuzzy Hash: f982dc891758c0d3cfad26e07906f758837887e5d16d23d7d83ed850c249ddf3
Instruction Fuzzy Hash: BFF054B8C28131EBC612AF54BD01D483F64F75D7A1B41060AF430D227AC7350491BFE8

Function 009095C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 009095D4
StrokeAndFillPath.GDI32(?,?,009471F7,00000000,?,?,?), ref: 009095F0
SelectObject.GDI32(?,00000000), ref: 00909603
DeleteObject.GDI32 ref: 00909616
StrokePath.GDI32(?), ref: 00909631

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 2adbe466f3bf60240b8bcd48248057820617a25519f1eb3a79760b39561467b4
Instruction ID: e12c954efd258de4eb00ef41f551fb9c39a20355b8131db33c27275d499cea0c
Opcode Fuzzy Hash: 2adbe466f3bf60240b8bcd48248057820617a25519f1eb3a79760b39561467b4
Instruction Fuzzy Hash: D9F03C3042D704EFDB525F65FD1CB643B65AB023A2F048214F425551F2C73589A1FF28

Function 00920F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 009210F9
__freea.LIBCMT ref: 00921117

Part of subcall function 00921537: _free.LIBCMT ref: 0092154F

Strings

a/p, xrefs: 009211DE
am/pm, xrefs: 0092117A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 52e1eebd8e2b19254d5781e861a24b8895930254af2a373638b9ce3cf07c8c29
Instruction ID: a7422413a7bec28fcb12c79a09468dd5b8b48d782241039faef3de3e3a7d0d3a
Opcode Fuzzy Hash: 52e1eebd8e2b19254d5781e861a24b8895930254af2a373638b9ce3cf07c8c29
Instruction Fuzzy Hash: D5D14631D00226DBCB28DF68E845BFEB7BAFF25310F244119E9019B659D3399DA1CB91

Function 00977B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00910242: EnterCriticalSection.KERNEL32(009C070C,009C1884,?,?,0090198B,009C2518,?,?,?,008F12F9,00000000), ref: 0091024D
Part of subcall function 00910242: LeaveCriticalSection.KERNEL32(009C070C,?,0090198B,009C2518,?,?,?,008F12F9,00000000), ref: 0091028A

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 009100A3: __onexit.LIBCMT ref: 009100A9

__Init_thread_footer.LIBCMT ref: 00977BFB

Part of subcall function 009101F8: EnterCriticalSection.KERNEL32(009C070C,?,?,00908747,009C2514), ref: 00910202
Part of subcall function 009101F8: LeaveCriticalSection.KERNEL32(009C070C,?,00908747,009C2514), ref: 00910235

Strings

Variable must be of type 'Object'., xrefs: 00977C3A
G, xrefs: 00977C7F
5, xrefs: 00977C78

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: ac5832dd391feb942b88cefb021baf66c090ad3d3ef5fe9dde7a9e3693472587
Instruction ID: 2c148de569c3d5f7dc2f5365400e627a22bb71e23644b553b4af5633ad3ffa51
Opcode Fuzzy Hash: ac5832dd391feb942b88cefb021baf66c090ad3d3ef5fe9dde7a9e3693472587
Instruction Fuzzy Hash: DA917B72A04209AFCB14EF94C891EBDB7B5FF89304F14C459F84A9B291DB71AE41CB51

Function 00952716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0095B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009521D0,?,?,00000034,00000800,?,00000034), ref: 0095B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00952760

Part of subcall function 0095B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0095B3F8

Part of subcall function 0095B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0095B355
Part of subcall function 0095B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00952194,00000034,?,?,00001004,00000000,00000000), ref: 0095B365
Part of subcall function 0095B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00952194,00000034,?,?,00001004,00000000,00000000), ref: 0095B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009527CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0095281A

Strings

@, xrefs: 00952832

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 2309f8415da2c5e4654c0740a0fedd3c0555296d05a2cc1f774ff0801fc0a4b7
Instruction ID: 0887675ed70aa437ecf6d7ff2815e2f3016b971ededaa206c8ca2a8e6e60c0c0
Opcode Fuzzy Hash: 2309f8415da2c5e4654c0740a0fedd3c0555296d05a2cc1f774ff0801fc0a4b7
Instruction Fuzzy Hash: 1E412A72900218AFDB10DFA5CD85BEEBBB8EF49300F104099FA55B7191DB706E49CBA1

Function 0092172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00921769
_free.LIBCMT ref: 00921834
_free.LIBCMT ref: 0092183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00921760, 00921767, 00921796, 009217CE

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-3695852857
Opcode ID: 1dac456ac3c07363a6f63ff5e09106ab1136959612daf855b7282296184bda2c
Instruction ID: 8155c4763cc54112444808a73fb0ac8a14ec7ea4f22167d9a63a6727db2f7d9a
Opcode Fuzzy Hash: 1dac456ac3c07363a6f63ff5e09106ab1136959612daf855b7282296184bda2c
Instruction Fuzzy Hash: 2E318D75E04228ABDB21DF99A885E9EBBFCEBE5310B104166F80497215D6708E90DBA0

Function 0095C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0095C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0095C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009C1990,01244800), ref: 0095C395

Strings

0, xrefs: 0095C2DF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: c192f5551f170c0b8c35fd3aa46fee0b43a52a914d444e257b4b1f2d12ddf85a
Instruction ID: 4e4ed8f7d566a18b8e51a684cb4f39f1747e2a59e3ddf5174e24faa856da53f4
Opcode Fuzzy Hash: c192f5551f170c0b8c35fd3aa46fee0b43a52a914d444e257b4b1f2d12ddf85a
Instruction Fuzzy Hash: F641A5B12083059FDB20DF26D844B5ABBE8EF85312F148A1DFDA5972D1D730E908CB62

Function 00984416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0098CC08,00000000,?,?,?,?), ref: 009844AA
GetWindowLongW.USER32 ref: 009844C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 009844D7

Strings

SysTreeView32, xrefs: 0098447C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 2be96c39e1a6e9300b2fe276f963739b98b0d206b43bb212c9b640d00d09f322
Instruction ID: a0f5d58cd4cc885cb91a48399660db8214446a82756ecf5e50293cfcfb858b5e
Opcode Fuzzy Hash: 2be96c39e1a6e9300b2fe276f963739b98b0d206b43bb212c9b640d00d09f322
Instruction Fuzzy Hash: A6319C71214606AFDB20AE78DC45BEA7BA9EF49334F204725F975E22E0D770AC509B60

Function 0097304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0097335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00973077,?,?), ref: 00973378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0097307A
_wcslen.LIBCMT ref: 0097309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00973106

Strings

255.255.255.255, xrefs: 00973095, 0097309A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: bf5066e0031f277d8c126c4540434db6074cb527775ee44dc4954be27ec88c49
Instruction ID: 4d79d243f49a57aa67ea148284f599c4218f033d9acab52977be99da8b86b0cb
Opcode Fuzzy Hash: bf5066e0031f277d8c126c4540434db6074cb527775ee44dc4954be27ec88c49
Instruction Fuzzy Hash: DE31E43A2042059FCB20CF28C585FAA77E4EF54318F64C459E9198B392DB32EE41D761

Function 00983EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00983F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00983F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00983F78

Strings

SysMonthCal32, xrefs: 00983F0B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: eaa2eb7feb0b8510d77321d70cc41d0da7c4e26e54e484f063fb778e6bddfcdb
Instruction ID: 336e7be40c82c7fb7a454ef771547c998e04d6f48eaa4a26fea656c55682b2b5
Opcode Fuzzy Hash: eaa2eb7feb0b8510d77321d70cc41d0da7c4e26e54e484f063fb778e6bddfcdb
Instruction Fuzzy Hash: 9221BF32610219BBEF159F50CC46FEA3B79EF88714F114214FE156B2D0D6B5E9509BA0

Function 00984653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00984705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00984713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0098471A

Strings

msctls_updown32, xrefs: 00984684

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: fde0d57fab1c6b0c77ed8503a20e856e00b16d2bfb27e42fc81063397601b691
Instruction ID: 780c5b7a11206e62de86ec308365a6c17521f2b066a6bfbbd69c6cdf839df1ce
Opcode Fuzzy Hash: fde0d57fab1c6b0c77ed8503a20e856e00b16d2bfb27e42fc81063397601b691
Instruction Fuzzy Hash: D2215CB5604209AFDB10EF68DC81DB737ADEF8A3A8B140059FA009B351DB30EC11DB60

Function 009595AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0095961D

Strings

#OnAutoItStartRegister, xrefs: 009595F3
#notrayicon, xrefs: 009595B7
#requireadmin, xrefs: 009595D9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 7856a5830354c0c14b66d8faac22ce38b9a389e16a30efd675d0efb8e58c93cd
Instruction ID: f5ed8ffcf2e20296d7236a98de1165e618de7bae60009513b4cfc7effc994d95
Opcode Fuzzy Hash: 7856a5830354c0c14b66d8faac22ce38b9a389e16a30efd675d0efb8e58c93cd
Instruction Fuzzy Hash: 4A214332204210A6E731FB2AD816FBB739CAFA1311F404426FD49DB181EB54AE9EC391

Function 009837B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00983840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00983850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00983876

Strings

Listbox, xrefs: 0098380F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: e8922af46ebc67db81c7d1490f66a9e0ecec6aee1ecd095cb899ae0d68f76702
Instruction ID: c92047bf27b5752727db02274939ee2abfa51a4624df99c629ad6721501b273d
Opcode Fuzzy Hash: e8922af46ebc67db81c7d1490f66a9e0ecec6aee1ecd095cb899ae0d68f76702
Instruction Fuzzy Hash: A821A472614118BBEF119F64CC45FBB376EEF89B54F11C124F9059B290DA71DC5287A0

Function 009649F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00964A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00964A5C
SetErrorMode.KERNEL32(00000000,?,?,0098CC08), ref: 00964AD0

Strings

%lu, xrefs: 00964A6F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: c598c526926cfb3d5396b8d7acf7d16f44d21eff65592990a4d2be94724d5082
Instruction ID: 1908d7aea122f5f6a24cb997e1c5b9eab71a44fd123c17caa7e2e65383eaaf96
Opcode Fuzzy Hash: c598c526926cfb3d5396b8d7acf7d16f44d21eff65592990a4d2be94724d5082
Instruction Fuzzy Hash: 78316275A04109AFDB10DFA8C985EAA7BF8EF48308F1480A5F909DB352D771EE45CB61

Function 009841EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0098424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00984264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00984271

Strings

msctls_trackbar32, xrefs: 00984226

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: cc91aae644ab7516907681dd97952e7e2eb3f37c2ba2d8cc0ed2fe67d04cb58d
Instruction ID: bdf3b5ec0fe69ab98244b9ae42994fd975f5743be0348936e3e22b98db770ca4
Opcode Fuzzy Hash: cc91aae644ab7516907681dd97952e7e2eb3f37c2ba2d8cc0ed2fe67d04cb58d
Instruction Fuzzy Hash: 36110A312542097EEF206F78CC05FAB37ACEF95754F110514FA55E2190D671DC619720

Function 00952F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F6B57: _wcslen.LIBCMT ref: 008F6B6A

Part of subcall function 00952DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00952DC5
Part of subcall function 00952DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00952DD6
Part of subcall function 00952DA7: GetCurrentThreadId.KERNEL32 ref: 00952DDD
Part of subcall function 00952DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00952DE4

GetFocus.USER32 ref: 00952F78

Part of subcall function 00952DEE: GetParent.USER32(00000000), ref: 00952DF9

GetClassNameW.USER32(?,?,00000100), ref: 00952FC3
EnumChildWindows.USER32(?,0095303B), ref: 00952FEB

Strings

%s%d, xrefs: 00952FFF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 5d5ba465b757e667f5b4f158539c3e10159a65d260bf61d2b90a2c5f12d01d4c
Instruction ID: dd8bc96bf30217928c7d32ea05fefc61db48592320b83c4f0db27874e574a14c
Opcode Fuzzy Hash: 5d5ba465b757e667f5b4f158539c3e10159a65d260bf61d2b90a2c5f12d01d4c
Instruction Fuzzy Hash: F9118EB16002096BCF54BF759895BED376AAF84315F048075BD09AB292EE3099499B70

Function 00985882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009858C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009858EE
DrawMenuBar.USER32(?), ref: 009858FD

Strings

0, xrefs: 0098588F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 9ad85845ec3a5f979167cdfc4b54cd6dfcac09394aac2ed606283f97fe69d2ef
Instruction ID: bacfbe3b3e65feb65906337405c4b79edb322a4483e97f8840d4c45950641f89
Opcode Fuzzy Hash: 9ad85845ec3a5f979167cdfc4b54cd6dfcac09394aac2ed606283f97fe69d2ef
Instruction Fuzzy Hash: AC016171514218EFDB21AF11DC44BAEBBB8FB45360F108099F849D6261DB318A84EF31

Function 0094D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0094D3BF
FreeLibrary.KERNEL32 ref: 0094D3E5

Strings

X64, xrefs: 0094D2A8
GetSystemWow64DirectoryW, xrefs: 0094D3B9

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: 570362608216ada18e1b2bd3d41c1010e54a7dee6f3ffa9c3581c588f2aefc60
Instruction ID: 19aa8892be232a7f3170ed7cb5bb642380e1ec2c60339b0a08753b32bfbe6d2d
Opcode Fuzzy Hash: 570362608216ada18e1b2bd3d41c1010e54a7dee6f3ffa9c3581c588f2aefc60
Instruction Fuzzy Hash: A2F0ABBA90B720DBE3312A108CA8E6D33A8AF00F05B948999F402F1344F7B4CD44C7A2

Function 0095007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb8c1e0266bd2f1642dda701486357262a373d00f6e8ab543c27623a3464e18e
Instruction ID: e1e58fcdfde81a847f8b94ac77b79ee94c1de9200a2dba339a8156e3eda4395d
Opcode Fuzzy Hash: fb8c1e0266bd2f1642dda701486357262a373d00f6e8ab543c27623a3464e18e
Instruction Fuzzy Hash: 5BC15B75A0020AEFDB14CFA5C894AAEB7B9FF88305F208598E905EB251D731ED45CB90

Function 00923E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00923F0B
__alldvrm.LIBCMT ref: 0092410C
__alldvrm.LIBCMT ref: 0092412E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: e8c1d438d68bbf21f1159fdd1b8297343b1a68b3ade44c338256b2e06caba46e
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 54A19D71E043A69FEB11CF18E8917AEBFF8EF61350F14416DE5959B286C2389D81CB90

Function 0097342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00973459
CoUninitialize.OLE32 ref: 00973463
VariantInit.OLEAUT32(?), ref: 0097346E
VariantClear.OLEAUT32(?), ref: 0097371B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: e555382239a3ced1f9863b59d036c6097beae104d7d2dc5432f9696b4927db29
Instruction ID: b0c1b7e6e6f7979f6306823278ecb1675f2e9f21309688672ce6fb98c353e5e8
Opcode Fuzzy Hash: e555382239a3ced1f9863b59d036c6097beae104d7d2dc5432f9696b4927db29
Instruction Fuzzy Hash: CAA136762042049FD710DF28C485A2AB7E9FF88714F04C859F98ADB362DB70EE05DB92

Function 00950436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0098FC08,?), ref: 009505F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0098FC08,?), ref: 00950608
CLSIDFromProgID.OLE32(?,?,00000000,0098CC40,000000FF,?,00000000,00000800,00000000,?,0098FC08,?), ref: 0095062D
_memcmp.LIBVCRUNTIME ref: 0095064E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 8286e5f8c77004073aedcbbbf61a5dfebb279a493edf25962155001052931db6
Instruction ID: 8e29029afa95f8bafbdc7f51146f4d202d7e9075f004fe16d8948b4da58d886a
Opcode Fuzzy Hash: 8286e5f8c77004073aedcbbbf61a5dfebb279a493edf25962155001052931db6
Instruction Fuzzy Hash: 1881F875A00109EFCB04DF95C984EEEB7B9FF89315F204558F916AB250DB71AE0ACB60

Function 00931391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 009314C0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 0c96552cccde9c864080fb765f4c896aa649df171f9deecbe8e14dbab907e8e2
Instruction ID: 1ba89932a9edecda37c556105455fdba195be47e195ca395ee1ae8cd4947fb54
Opcode Fuzzy Hash: 0c96552cccde9c864080fb765f4c896aa649df171f9deecbe8e14dbab907e8e2
Instruction Fuzzy Hash: 5D415D35B00118ABDB257BBD9C4A7FE3BA9EF81370F144625F429D61B2E63448815B61

Function 00986278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 009862E2
ScreenToClient.USER32(?,?), ref: 00986315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00986382

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 68187221f5e043ae4cb247eaa7b6cd7797fd8de34406fbe914fc49f1f9f13c55
Instruction ID: 51e811f76d4bdd757325801e130ef449b1cde97ff6ee3f5f405fc274f20845ba
Opcode Fuzzy Hash: 68187221f5e043ae4cb247eaa7b6cd7797fd8de34406fbe914fc49f1f9f13c55
Instruction Fuzzy Hash: 52510A75A00209EFDB14EF68D880AAE7BB9FB45360F10816AF965DB3A1D730ED41DB50

Function 00971AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00971AFD
WSAGetLastError.WSOCK32 ref: 00971B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00971B8A
WSAGetLastError.WSOCK32 ref: 00971B94

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 87744a3f9a1ae3a5dbf15f6ed606934cf26d045a0fd8142974d5ed696d819dd6
Instruction ID: cf60e2f32cf1d0f933f71cb75f6fa7597e2aab65361fdb3215770aa331ccd76a
Opcode Fuzzy Hash: 87744a3f9a1ae3a5dbf15f6ed606934cf26d045a0fd8142974d5ed696d819dd6
Instruction Fuzzy Hash: F7418D75600200AFE720AF28C886F3977A5EB88718F54C458FA1A9F3D3E772DD418B91

Function 0092B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354563c79da79c662a4a648904f11fe7923e9f7bad3475a8119bc8be045a745a
Instruction ID: 60c31b9b64278f404b1c30f463bf3ddb71b3f00c510a80857258efa1f2f5e769
Opcode Fuzzy Hash: 354563c79da79c662a4a648904f11fe7923e9f7bad3475a8119bc8be045a745a
Instruction Fuzzy Hash: 1F412C71A00714BFD724AF38DC81BAA7BE9EBC4710F10452EF556DB691D77199418B80

Function 009656D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00965783
GetLastError.KERNEL32(?,00000000), ref: 009657A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009657CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009657FA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 6d6a4775e2c3b80314e8f5675d9cb7a639296ecbdb6f03fba2b75ae5376115ba
Instruction ID: 20d8aa28c3deee9a0319e28c3821fa1089112e819853a774efd60da8a8c29038
Opcode Fuzzy Hash: 6d6a4775e2c3b80314e8f5675d9cb7a639296ecbdb6f03fba2b75ae5376115ba
Instruction Fuzzy Hash: 53413E35600615DFCB11DF29C544A2DBBE6FF89320B198488E94A9B362CB74FD04CB91

Function 0092D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00916D71,00000000,00000000,009182D9,?,009182D9,?,00000001,00916D71,8BE85006,00000001,009182D9,009182D9), ref: 0092D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0092D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0092D9AB
__freea.LIBCMT ref: 0092D9B4

Part of subcall function 00923820: RtlAllocateHeap.NTDLL(00000000,?,009C1444,?,0090FDF5,?,?,008FA976,00000010,009C1440,008F13FC,?,008F13C6,?,008F1129), ref: 00923852

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 3eb9f8bb08e7944f5af3febab8952e1cf6b22e92e7e5f8328a6e6171be92336c
Instruction ID: 0ed5601a82d72e5742b00866dc6b64c472e2978e5f216d22c82d6276eb7083ef
Opcode Fuzzy Hash: 3eb9f8bb08e7944f5af3febab8952e1cf6b22e92e7e5f8328a6e6171be92336c
Instruction Fuzzy Hash: F531E372A0221AABDF24DF64EC85EAE7BA9EF40710F054168FC04D7254E735CD90CBA0

Function 009852C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00985352
GetWindowLongW.USER32(?,000000F0), ref: 00985375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00985382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009853A8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 1841f09892a2b19167c390ddb65a58994172fb4665555c8f1e3b87db74792b32
Instruction ID: bfb2a0d8eda31b015eca125a876160221ac6066f4841e35bec22c79e765c8dc0
Opcode Fuzzy Hash: 1841f09892a2b19167c390ddb65a58994172fb4665555c8f1e3b87db74792b32
Instruction Fuzzy Hash: 8631D070A59A08FFEB34BA14CC05FE83769AB053D1F594003FA10963E1C7B49E48EB51

Function 0095AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0095ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0095AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0095AC74
SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0095ACC6

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 75f26dee463005ea04c9e81726d809f491fbf3400c41450f1249fd80bb8bdcec
Instruction ID: 24b1945002e504c11afff10affec73dcc37021e3d1f61194cf0e3314d1519893
Opcode Fuzzy Hash: 75f26dee463005ea04c9e81726d809f491fbf3400c41450f1249fd80bb8bdcec
Instruction Fuzzy Hash: 94314C309043186FFF34CB66CC057FA7BA96B85312F04471AE8C5561D0C3388D899756

Function 00987674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0098769A
GetWindowRect.USER32(?,?), ref: 00987710
PtInRect.USER32(?,?,00988B89), ref: 00987720
MessageBeep.USER32(00000000), ref: 0098778C

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: d6482f104581596ae37334fa4f8ef55254541fb02d9db6c4226be807a110c647
Instruction ID: cfc9d2289b35d4f11e72fc7c3c918b9761ef6aeb2941395f64899c91b97735de
Opcode Fuzzy Hash: d6482f104581596ae37334fa4f8ef55254541fb02d9db6c4226be807a110c647
Instruction Fuzzy Hash: 88418B74A09215DFCB01EF98D894EA9B7F9FB4A314F2940A8E8149B361D730E941DF90

Function 009816DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 009816EB

Part of subcall function 00953A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00953A57
Part of subcall function 00953A3D: GetCurrentThreadId.KERNEL32 ref: 00953A5E
Part of subcall function 00953A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009525B3), ref: 00953A65

GetCaretPos.USER32(?), ref: 009816FF
ClientToScreen.USER32(00000000,?), ref: 0098174C
GetForegroundWindow.USER32 ref: 00981752

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 4168879bded1baf2afb789803f1c70de1f0bdf3e256a2e5ef09178a301412751
Instruction ID: 673945510bd894ad0fb54a1e60e1b00cf137f59b61e3598e5a683ccebf5297b2
Opcode Fuzzy Hash: 4168879bded1baf2afb789803f1c70de1f0bdf3e256a2e5ef09178a301412751
Instruction Fuzzy Hash: 0B310C75D00149AFDB00EFA9C9819AEBBFDEF88304B5480A9E515E7311EA319E45CBA1

Function 0095DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625

_wcslen.LIBCMT ref: 0095DFCB
_wcslen.LIBCMT ref: 0095DFE2
_wcslen.LIBCMT ref: 0095E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0095E018

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 82c0fabfe2b5b27c8992d9929844d674cea6a2835c3bd92e62ddf47ffd178509
Instruction ID: 9d6494fd8378af559d1d035990f5353f525e2e1546706cba768b6af38df5ae05
Opcode Fuzzy Hash: 82c0fabfe2b5b27c8992d9929844d674cea6a2835c3bd92e62ddf47ffd178509
Instruction Fuzzy Hash: BC21B571900218AFCB20EFA8D982BAEB7F8EF85750F144065ED05FB281D7749E40CBA1

Function 0095D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0095D501
Process32FirstW.KERNEL32(00000000,?), ref: 0095D50F
Process32NextW.KERNEL32(00000000,?), ref: 0095D52F
CloseHandle.KERNEL32(00000000), ref: 0095D5DC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: b8a0d14cf8d4d1c9e739b505db589338fa0a18b7e130519a0a5d0fa3fa6f607e
Instruction ID: bf9138cfed5796f20722fcebdc03813c5d4258faa7e37286ebc2f97b2cf1331d
Opcode Fuzzy Hash: b8a0d14cf8d4d1c9e739b505db589338fa0a18b7e130519a0a5d0fa3fa6f607e
Instruction Fuzzy Hash: 223181711083049FD314EF64C885ABFBBE8FF99354F14092DF585862A1EB719A49CBA3

Function 00988FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

GetCursorPos.USER32(?), ref: 00989001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00947711,?,?,?,?,?), ref: 00989016
GetCursorPos.USER32(?), ref: 0098905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00947711,?,?,?), ref: 00989094

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 2d81639d7ca2b967cb42146a4173df693249c183f44d59f17c2dc9bfed8a0026
Instruction ID: 06bc5e821ccca8144496c80a555e642b6931c727189fdb326b13936d18504e56
Opcode Fuzzy Hash: 2d81639d7ca2b967cb42146a4173df693249c183f44d59f17c2dc9bfed8a0026
Instruction Fuzzy Hash: 5021A135615018EFCB259F94CC58FFA7BB9EF8A350F184065F906573A2C3359990EB60

Function 0095D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0098CB68), ref: 0095D2FB
GetLastError.KERNEL32 ref: 0095D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 0095D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0098CB68), ref: 0095D376

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 64a6fe5891efd7d5b29f448e5b5c2267434c0413fc50e0684ac772f8cb7acd8e
Instruction ID: 8b12a7d00c89dc418254c4a9a4409f4a7da61f9fc0393d8596fcec890458f08f
Opcode Fuzzy Hash: 64a6fe5891efd7d5b29f448e5b5c2267434c0413fc50e0684ac772f8cb7acd8e
Instruction Fuzzy Hash: A021717050A2019FC720DF39C88186AB7E8FE96369F104A1DF899C72A1D731D949CB93

Function 00951571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00951014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0095102A
Part of subcall function 00951014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00951036
Part of subcall function 00951014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951045
Part of subcall function 00951014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0095104C
Part of subcall function 00951014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00951062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009515BE
_memcmp.LIBVCRUNTIME ref: 009515E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00951617
HeapFree.KERNEL32(00000000), ref: 0095161E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 4cf0bbc9ad0cd7bfea8a5ed001321b0a2aa1a878e95a806d3eb206e66bbdb397
Instruction ID: 41e61a77ae2d8f84fd8820e80d9b66d6f2a8a0070d444fed230a19fcf0f32a4b
Opcode Fuzzy Hash: 4cf0bbc9ad0cd7bfea8a5ed001321b0a2aa1a878e95a806d3eb206e66bbdb397
Instruction Fuzzy Hash: 1E21AC71E41109EFDF04DFA5C949BEEB7B8EF84346F084459E851AB241E730AE49DBA0

Function 00982782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0098280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00982824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00982832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00982840

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: b7a4b2838bb22dedc183a3ce56990f8adf3d9ac317655b8a4b95eaa6e84e1520
Instruction ID: 13d0a19b88c7336a2b7af9c1205c2a465b005337871ab9ca1cd026e917637e40
Opcode Fuzzy Hash: b7a4b2838bb22dedc183a3ce56990f8adf3d9ac317655b8a4b95eaa6e84e1520
Instruction Fuzzy Hash: DB21D335208115AFDB14AB24C844FAA7B99EF85324F148158F426CB7E2CB75FC42CB90

Function 009578F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00958D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?), ref: 00958D8C
Part of subcall function 00958D7D: lstrcpyW.KERNEL32(00000000,?,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00958DB2
Part of subcall function 00958D7D: lstrcmpiW.KERNEL32(00000000,?,0095790A,?,000000FF,?,00958754,00000000,?,0000001C,?,?), ref: 00958DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957923
lstrcpyW.KERNEL32(00000000,?,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00958754,00000000,?,0000001C,?,?,00000000), ref: 00957984

Strings

cdecl, xrefs: 0095797B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: e5871f73bce078d3400264ff53b6086fc492df2f9577d9048846f4cff961a2aa
Instruction ID: 5b98936ba4da8b6b4cb9f939b8e8996e7af7ed002a9cfe018ce522e48faad871
Opcode Fuzzy Hash: e5871f73bce078d3400264ff53b6086fc492df2f9577d9048846f4cff961a2aa
Instruction Fuzzy Hash: 3911067A204241AFCB159F76E854E7BB7A9FF85391B00402AFC02C73A4EB319905D761

Function 00987CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00987D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00987D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00987D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0096B7AD,00000000), ref: 00987D6B

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: baaa3c912c189ce6eba8884e565516e6a5ca48eda8caff06bf25742666333168
Instruction ID: bc328e2643f0246b9b4d77133f47c0f560c5984bac6f849678e1a5d153df6b6d
Opcode Fuzzy Hash: baaa3c912c189ce6eba8884e565516e6a5ca48eda8caff06bf25742666333168
Instruction Fuzzy Hash: AF11D232518615AFCB10AF68DC04E667BA8AF463A0B254724F836D73F0E730C950DB50

Function 00985660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 009856BB
_wcslen.LIBCMT ref: 009856CD
_wcslen.LIBCMT ref: 009856D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00985816

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 6810ce33b46de4353ea31fd0392117991523b52a63404da39c08e5621eff4ba1
Instruction ID: ebbe27ca580dde4fc481153484b44c27d7792a3224d421eafec38a9c23ed7d90
Opcode Fuzzy Hash: 6810ce33b46de4353ea31fd0392117991523b52a63404da39c08e5621eff4ba1
Instruction Fuzzy Hash: 49112275A14608A6DF20FFB1CC81BEE77ACEF41760F50442AF915D6291EB74CA88CB60

Function 00921D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04d8fc966a309f34fd9d94919af179abcb3db5b472ff0b8909ccb8be4e55b36
Instruction ID: 17e387f6c0cfa4a675419819424dcc05358bbe17b0e3700db3821084986b689c
Opcode Fuzzy Hash: e04d8fc966a309f34fd9d94919af179abcb3db5b472ff0b8909ccb8be4e55b36
Instruction Fuzzy Hash: C6018BB220962ABFF6212A787CC1F67661CDFA13B8B300725F521A12DADB608C615270

Function 00951A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00951A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00951A8A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 00c2085503c1bc1a6c5e06f7cd7b6e87a0dae37e4bfc29d6648c3e3960e20d08
Instruction ID: 1a0c4aecf5b4ed8a477b96a2e33cbc51e06365c3614bc2882268f6c1d9bde56c
Opcode Fuzzy Hash: 00c2085503c1bc1a6c5e06f7cd7b6e87a0dae37e4bfc29d6648c3e3960e20d08
Instruction Fuzzy Hash: 3B11097AD01219FFEF11DBA5CD85FADBB78EB08750F2004A1EA04B7290D6716E50DB94

Function 0095E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0095E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0095E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0095E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0095E24D

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 99497bca0428ab73771e7bda6bb14168281e715a3f57365057a2bd76552c700b
Instruction ID: cac9a326164f2e65424e7f7f7f4fd77337667c72ef7b112baee1a1d6931d4242
Opcode Fuzzy Hash: 99497bca0428ab73771e7bda6bb14168281e715a3f57365057a2bd76552c700b
Instruction Fuzzy Hash: 71112BB6D18254BBC705DFA9AC09E9E7FACDB45315F004255F824E3391D6B1CE0497B0

Function 0091D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,0091CFF9,00000000,00000004,00000000), ref: 0091D218
GetLastError.KERNEL32 ref: 0091D224
__dosmaperr.LIBCMT ref: 0091D22B
ResumeThread.KERNEL32(00000000), ref: 0091D249

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: a79d4216e6e1dd42535d64c638c2e6af3dc4e39c91b0eee50761da2effc95699
Instruction ID: 17742e6856a80f3ffae12c2da417ae443b97c96bed071538283fa2444dc2f648
Opcode Fuzzy Hash: a79d4216e6e1dd42535d64c638c2e6af3dc4e39c91b0eee50761da2effc95699
Instruction Fuzzy Hash: FD01D276A0A20CBBDB115BA5EC09BEA7B6DDFC1330F200619F935962D0DB718981D7A0

Function 00989EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00909BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00909BB2

GetClientRect.USER32(?,?), ref: 00989F31
GetCursorPos.USER32(?), ref: 00989F3B
ScreenToClient.USER32(?,?), ref: 00989F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00989F7A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: efdee91bdeeb6d9018bd6dc31c52232040d0ad5206d575ab19d2271687777429
Instruction ID: e8672ab89945315e4f0a63fa70fbae95b96df52f79c4f2442173b507f75d6392
Opcode Fuzzy Hash: efdee91bdeeb6d9018bd6dc31c52232040d0ad5206d575ab19d2271687777429
Instruction Fuzzy Hash: 0111487290411AABDB15EFA8D845EFE77B9FB45311F140455FA12E3241D330BE81DBA1

Function 008F600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
GetStockObject.GDI32(00000011), ref: 008F6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: fe49bb8f6622d5b03f1d0ebb75fbb9cf000907805f0ce705a125cc9d873736c6
Instruction ID: 3544d3054a592387e3a4a1797544bd9e2e9f297c57503c1dbe04471b102584d8
Opcode Fuzzy Hash: fe49bb8f6622d5b03f1d0ebb75fbb9cf000907805f0ce705a125cc9d873736c6
Instruction Fuzzy Hash: 92115EB251590DBFEF124FA49C44EFA7B69FF59364F140215FA15A2110EB329C60ABA0

Function 00913B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00913B56

Part of subcall function 00913AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00913AD2
Part of subcall function 00913AA3: ___AdjustPointer.LIBCMT ref: 00913AED

_UnwindNestedFrames.LIBCMT ref: 00913B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00913B7C
CallCatchBlock.LIBVCRUNTIME ref: 00913BA4

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: ab225d26cf8885078d2c5b6e28bc2b8f4c4e9edac4b87a83c7b27aa6575b89aa
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 5001D77220014DBBDF125E95CC46EEB7BBDEF98754F048014FE5866121D632E9A1DBA0

Function 00923073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008F13C6,00000000,00000000,?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue), ref: 009230A5
GetLastError.KERNEL32(?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue,00992290,FlsSetValue,00000000,00000364,?,00922E46), ref: 009230B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0092301A,008F13C6,00000000,00000000,00000000,?,0092328B,00000006,FlsSetValue,00992290,FlsSetValue,00000000), ref: 009230BF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: e1ae863c497aa9813aef9da8498527212256144494221c5dda6a587b13e80bc3
Instruction ID: 3c2b63dceb4ce8e7f8dc003ddaa674bf3c1262fca3ff172566873a849a839857
Opcode Fuzzy Hash: e1ae863c497aa9813aef9da8498527212256144494221c5dda6a587b13e80bc3
Instruction Fuzzy Hash: A0012B72799236ABCB314B78BC44A577B9CEF45B61B108A24F916E3284D739D901C7F0

Function 00957464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0095747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00957497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009574AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009574CA

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 8b2d17b2f1b11ab93f932cb18dbd3652880f9db5635c7147cebbf550444af75a
Instruction ID: 66ef4e29a22fb66bf4b258785f4f741c81df8d546847970d1f4fbe7b198cf713
Opcode Fuzzy Hash: 8b2d17b2f1b11ab93f932cb18dbd3652880f9db5635c7147cebbf550444af75a
Instruction Fuzzy Hash: 2911A5B12093149BE720CFA5EC08F92BBFDEB00701F108959AD16D6261D774EA48DB61

Function 0095B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0095ACD3,?,00008000), ref: 0095B126

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: a58510e6016aa81731ef3cd399d127c5c726bbef1cd621e12f954851935eca8b
Instruction ID: 2a675e43fb107eb9530ef1fa28c28597ea771a092735eb61db5e8d58e078c08d
Opcode Fuzzy Hash: a58510e6016aa81731ef3cd399d127c5c726bbef1cd621e12f954851935eca8b
Instruction Fuzzy Hash: 4B118B70C0992CEBCF00EFE6E9A86EEBB78FF09312F004485D941B2285CB3446549B61

Function 00987E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00987E33
ScreenToClient.USER32(?,?), ref: 00987E4B
ScreenToClient.USER32(?,?), ref: 00987E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00987E8A

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 378a242db15ecf7963947585524f3c9e07a082317017e70f3b68d534696be1f0
Instruction ID: d54761cfad32a1ed63b1aeb6b0360eec7ef1eee9378eeacb234fd646081de4a9
Opcode Fuzzy Hash: 378a242db15ecf7963947585524f3c9e07a082317017e70f3b68d534696be1f0
Instruction Fuzzy Hash: 821143B9D0420AAFDB41DF98C884AEEBBF9FF08310F505066E925E2310D735AA54DF60

Function 00952DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00952DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00952DD6
GetCurrentThreadId.KERNEL32 ref: 00952DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00952DE4

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 7abec88dea846af222d30cabc2b936f0ef6c12bb8504906a28ab425d0044032f
Instruction ID: bec1a087ea192c3cc22c3b83c4e184e5a505cf22c7f6c84aed0ed01c8add527e
Opcode Fuzzy Hash: 7abec88dea846af222d30cabc2b936f0ef6c12bb8504906a28ab425d0044032f
Instruction Fuzzy Hash: 82E092B11192247BD7205B73AC0DFEB3E6CEF43BA2F000125F906D5180AAB4C844D7B0

Function 00988863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00909639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00909693
Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096A2
Part of subcall function 00909639: BeginPath.GDI32(?), ref: 009096B9
Part of subcall function 00909639: SelectObject.GDI32(?,00000000), ref: 009096E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00988887
LineTo.GDI32(?,?,?), ref: 00988894
EndPath.GDI32(?), ref: 009888A4
StrokePath.GDI32(?), ref: 009888B2

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: f10f9cb5d68365d6bb7837d7c21470ee41f35510999ac0340f950461d44bfd59
Instruction ID: e8759d15d890786c774881f84a387e8676ab0f16e2cf0b162298bc434f51ecc5
Opcode Fuzzy Hash: f10f9cb5d68365d6bb7837d7c21470ee41f35510999ac0340f950461d44bfd59
Instruction Fuzzy Hash: 5CF03436059258BAEB126F94AC0AFCA3A69AF06350F448000FA11652E2C7B95521EBB9

Function 009098B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009098CC
SetTextColor.GDI32(?,?), ref: 009098D6
SetBkMode.GDI32(?,00000001), ref: 009098E9
GetStockObject.GDI32(00000005), ref: 009098F1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 6189864b6a044c24e34f3c691dfcb11f13e7bc23973e594669f817d3b35149ca
Instruction ID: 96df6c3188ca0321ff280907479290a5434d25c444a6a9580b1c4920b211022b
Opcode Fuzzy Hash: 6189864b6a044c24e34f3c691dfcb11f13e7bc23973e594669f817d3b35149ca
Instruction Fuzzy Hash: 80E0927125C284AEDF215BB4FC0DBE87F25EB12336F04821AF6FA581E1C3714640AB20

Function 0095162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00951634
OpenThreadToken.ADVAPI32(00000000,?,?,?,009511D9), ref: 0095163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009511D9), ref: 00951648
OpenProcessToken.ADVAPI32(00000000,?,?,?,009511D9), ref: 0095164F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 36b8077c8525aa106d063ad2ee7296f13f212b261ecfa81f9c4ffab57f735710
Instruction ID: 012fc4cbd8795f45b9dc87706a25020454c99addb8b3bbce4638efd43d14367f
Opcode Fuzzy Hash: 36b8077c8525aa106d063ad2ee7296f13f212b261ecfa81f9c4ffab57f735710
Instruction Fuzzy Hash: FEE08CB2616211EBDB201FB1AE0DB863B7CAF457D2F158808F645D9080E7348445EB70

Function 0094D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0094D858
GetDC.USER32(00000000), ref: 0094D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0094D882
ReleaseDC.USER32(?), ref: 0094D8A3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: c53bce7c7ca8471575938164a94b17205786a6c8c82b08eb52018930aaec9e87
Instruction ID: 8f4b8e94aa055d14ee70648726e13b1a8280b2c921033c3b6e1c10c377cbf777
Opcode Fuzzy Hash: c53bce7c7ca8471575938164a94b17205786a6c8c82b08eb52018930aaec9e87
Instruction Fuzzy Hash: 34E0E5B481420ADFCB419FB09908A6DBBB5FB08310B108419E906E7350DB385901AF60

Function 0094D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0094D86C
GetDC.USER32(00000000), ref: 0094D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0094D882
ReleaseDC.USER32(?), ref: 0094D8A3

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: fbdca6288d8bebaba0e76d0cef7cb5dd02ab82272e235a21c542a7c2e28e6df9
Instruction ID: fd0291b8dfabff0bae55936bb9191f8e9513ce5b36bcb1200296a8f79cc819d0
Opcode Fuzzy Hash: fbdca6288d8bebaba0e76d0cef7cb5dd02ab82272e235a21c542a7c2e28e6df9
Instruction Fuzzy Hash: DCE012B481820AEFCF40AFB0E80C66DBBB5FB08310B108418E90AE7350DB385A01AF60

Function 00964D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 008F7620: _wcslen.LIBCMT ref: 008F7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00964ED4

Strings

*, xrefs: 00964E10
LPT, xrefs: 00964DFB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 8f7042a7cd1ba4d70953354c354a979549f3e560e8d2b28b240a03d869fb7cdd
Instruction ID: 8ea3d9c143c3efb2f7d9f87cbe2edbc5c7292b8a9d8e3929f0730f2c72815037
Opcode Fuzzy Hash: 8f7042a7cd1ba4d70953354c354a979549f3e560e8d2b28b240a03d869fb7cdd
Instruction Fuzzy Hash: 8F915275A002049FDB15DF98C484EAABBF5FF48304F158099E40A9F3A2D775ED85CB91

Function 0090E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 0090E1B1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 237162136cbc198cb4fcb8585b048393c34e1ad6076e603609c2bf3d38b1f1eb
Instruction ID: 31f4df7fe3a96229e7a8f5aa20ab1ce5e39fe139484d68240e532954aa80ab4f
Opcode Fuzzy Hash: 237162136cbc198cb4fcb8585b048393c34e1ad6076e603609c2bf3d38b1f1eb
Instruction Fuzzy Hash: 0851217590424ADFDF15DF38C481AFA7BA8FF55320F244869E8A19B2D0E7349D42CBA1

Function 0090F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 0090F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 0090F2BB

Strings

@, xrefs: 0090F2AF

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 8d46d530e2220ee174de0b90f4511e487112dfe400c63a5ada0e6daff14d75f1
Instruction ID: d795ceae74dbeeccf37f8d0cb584fedb2696554c860dc1811447dab1ecc4bcc5
Opcode Fuzzy Hash: 8d46d530e2220ee174de0b90f4511e487112dfe400c63a5ada0e6daff14d75f1
Instruction Fuzzy Hash: CB51297141C7499BD320AF28D886BABB7F8FF85300F81485DF29981195EF708929CB67

Function 00975745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009757E0
_wcslen.LIBCMT ref: 009757EC

Strings

CALLARGARRAY, xrefs: 009757E6, 009757EB

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 680235e7177dd106452eb720c4e092b6e48cbed2d49c04339e611dd9c15daa1e
Instruction ID: 7f3338abf4a04f89edc9bb3665c959d0d3ff16c7f63f5dc43016870eacde8246
Opcode Fuzzy Hash: 680235e7177dd106452eb720c4e092b6e48cbed2d49c04339e611dd9c15daa1e
Instruction Fuzzy Hash: 3B419371A001099FCB14DFA9C8819FEBBF5FF99310F11842DE509A72A1E7709D81CB51

Function 0096D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0096D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0096D13A

Strings

|, xrefs: 0096D10B

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 331c989dd873a6fbefff887715c2e7816b8e17e7767b8b4b2d759e4a868c1772
Instruction ID: 1bed8a1b01fb11d0eceddd3d788e1703b399e73c523a18166ca3a1b1192699aa
Opcode Fuzzy Hash: 331c989dd873a6fbefff887715c2e7816b8e17e7767b8b4b2d759e4a868c1772
Instruction Fuzzy Hash: 28315B71D01209EBCF15EFA4CC85AEEBFB9FF05340F100019F929A6162E775AA56CB61

Function 0098356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00983621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0098365C

Strings

static, xrefs: 009835BC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 36872ec8306fa7783daef71e10400d27ed878a3b0fde13e59a394891a6ea68ac
Instruction ID: ea42e8e4fd8365cdfd35a9800fdbce7287fd21597b5b8144ffce3f3b8abaf54b
Opcode Fuzzy Hash: 36872ec8306fa7783daef71e10400d27ed878a3b0fde13e59a394891a6ea68ac
Instruction Fuzzy Hash: C5318D71110604AEDB10AF38DC81FBB73ADFF88B24F108619F9A5D7280DA30AD91D760

Function 00984537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0098461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00984634

Strings

', xrefs: 0098458E

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 4187a97a6c0e83310beeaf8b7da391403585112d26f6f0cf918b079862a1428f
Instruction ID: 96ddbabe6f928e5a2d48743e68f447cdd547ab4b88c522344211c7bedc18f873
Opcode Fuzzy Hash: 4187a97a6c0e83310beeaf8b7da391403585112d26f6f0cf918b079862a1428f
Instruction Fuzzy Hash: 313107B5A0130A9FDB14DFA9C990BDE7BB9FF49300F14406AE905AB351E770A941CF90

Function 009831EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0098327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00983287

Strings

Combobox, xrefs: 00983249

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: cf9fd00450809dcd7508a8846a7c7aad2460ae4ced4b69cfe1fa5bce763772f1
Instruction ID: 3b03bf2874f9b37f91dc30add8ff93246e730919e364207220c447dafa288de6
Opcode Fuzzy Hash: cf9fd00450809dcd7508a8846a7c7aad2460ae4ced4b69cfe1fa5bce763772f1
Instruction Fuzzy Hash: 7411B2713142087FEF21AE94DC84EBB376EEB94764F108228F92897391D6719D519760

Function 00983710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 008F600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008F604C
Part of subcall function 008F600E: GetStockObject.GDI32(00000011), ref: 008F6060
Part of subcall function 008F600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 008F606A

GetWindowRect.USER32(00000000,?), ref: 0098377A
GetSysColor.USER32(00000012), ref: 00983794

Strings

static, xrefs: 00983757

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 1c917142dc48f47a3eb8fa5d25128f08f13fe65fc145db8125d4b84260fe3593
Instruction ID: a2082e8973abcb2a87b57fa896f57216d0f44dddb763ac7fe9ec08f80a657432
Opcode Fuzzy Hash: 1c917142dc48f47a3eb8fa5d25128f08f13fe65fc145db8125d4b84260fe3593
Instruction Fuzzy Hash: 6C1129B2620209AFDF00EFA8CC45EEA7BB8FB08714F004915F955E2250E735E8619B60

Function 0096CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0096CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0096CDA6

Strings

<local>, xrefs: 0096CD66

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 64069c899b007880f7252609f6b90c8f830a5ae72c0bc6e6ffd876cad583e543
Instruction ID: bd3c4750255f1f01b60ee81caca878ba836d07175d49b921d79b9b32ed945c61
Opcode Fuzzy Hash: 64069c899b007880f7252609f6b90c8f830a5ae72c0bc6e6ffd876cad583e543
Instruction Fuzzy Hash: 0311C2F1215631BAD7385B66CC59EF7BEACEF127A4F00462AB189931C0D7789844D6F0

Function 00983429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 009834AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009834BA

Strings

edit, xrefs: 0098348F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 13489c394a2e49a24a1e056cf5380dea8da22effa0867dc407c138cf120306ac
Instruction ID: 1ca14d66cbe081b116c07c50e9c69f77280910809e0681a68ed7456ed93f2ee7
Opcode Fuzzy Hash: 13489c394a2e49a24a1e056cf5380dea8da22effa0867dc407c138cf120306ac
Instruction Fuzzy Hash: 27116D71114108AAEB11AE74DC44EBB376EEF45B78F508724F961932E0C775DC519760

Function 00956C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00956CB6
_wcslen.LIBCMT ref: 00956CC2

Strings

STOP, xrefs: 00956CBC, 00956CC1

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: cd01b4487dab485540aed31df06509c3249e73cff0e9f3d71bbf16d2d7442e80
Instruction ID: 14adbba58f055e68d8eb2944127743572f0d362345391351dcef9371db94f0f4
Opcode Fuzzy Hash: cd01b4487dab485540aed31df06509c3249e73cff0e9f3d71bbf16d2d7442e80
Instruction Fuzzy Hash: 4401A13261052A8ACB21DFBEDC809BF77B9FA61721B910924ED9297190EB31D948C750

Function 00951CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00951D4C

Strings

ComboBox, xrefs: 00951CEB
ListBox, xrefs: 00951D16

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 0f1bcc1598e88e43a4d62dc98dc07c5c8427b3244f20f45298438edbfe6d171e
Instruction ID: 22a9ecdf103a3a97cedb466ba2ab96f3089a2da346bf608a789ab41a4cc18bfe
Opcode Fuzzy Hash: 0f1bcc1598e88e43a4d62dc98dc07c5c8427b3244f20f45298438edbfe6d171e
Instruction Fuzzy Hash: 0D01B571611218AB8B08EFA5DD51AFE7778FB46390B140919EC62972C1EA31590C8761

Function 00951BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00951C46

Strings

ComboBox, xrefs: 00951BE5
ListBox, xrefs: 00951C10

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 74b9ced0a4e3789588719a081ae1edac8d836b46be0dfe4e1f59945605b7161b
Instruction ID: 0e041cd306fe9a75f3413220e0363a3eec641de79099e3bcd692bf9887bf9188
Opcode Fuzzy Hash: 74b9ced0a4e3789588719a081ae1edac8d836b46be0dfe4e1f59945605b7161b
Instruction Fuzzy Hash: F301A77569110867CB04EBA5CA52BFF77ACEF51381F140429ED86A7281EA259F0CC7B2

Function 00951C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00951CC8

Strings

ComboBox, xrefs: 00951C69
ListBox, xrefs: 00951C94

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 66532058d5d6b2fb9f2f40840b45ee018ba21b8e70f60afbe3fc0182abd980a2
Instruction ID: 4c29afa0db323a82977d59e4463ac7e97fc9464c96a0cea6a7eb11c4deac2a7e
Opcode Fuzzy Hash: 66532058d5d6b2fb9f2f40840b45ee018ba21b8e70f60afbe3fc0182abd980a2
Instruction Fuzzy Hash: 7301D6B169011867CB04EBA6CB01BFE77ACAB11381F140025FD82B3281EA229F0CC772

Function 00951D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008F9CB3: _wcslen.LIBCMT ref: 008F9CBD

Part of subcall function 00953CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00953CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00951DD3

Strings

ComboBox, xrefs: 00951D75
ListBox, xrefs: 00951DA0

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 408f31f54d4da484029248a21e67f2b326958373105b0b44fc7f09082b9fc169
Instruction ID: 0dc40bf92dc1f4eea676b349f9b3fd7feb0b7dcfb622a1c06de00fd78e0324ee
Opcode Fuzzy Hash: 408f31f54d4da484029248a21e67f2b326958373105b0b44fc7f09082b9fc169
Instruction Fuzzy Hash: 26F0A471A5121866DB04EBAACD52BFE777CFB41395F140915FD62A32C1EA705A0C8361

Function 0097747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00977493
_wcslen.LIBCMT ref: 009774B9

Strings

3, 3, 16, 1, xrefs: 00977483

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: e47b12b56198d3a8f803b909378ce4acf3c28cf2e5030b6b50dff23a5278e1e2
Instruction ID: 80e454fdc6e569a1daffd2da640591341c9c407cfb55ee7af9fbfd628692703e
Opcode Fuzzy Hash: e47b12b56198d3a8f803b909378ce4acf3c28cf2e5030b6b50dff23a5278e1e2
Instruction Fuzzy Hash: 37E02B0330422010923112BAACC1BBFD6CEDFC9BA0714182BF989C227AEA948DD193A1

Function 00950B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00950B23

Strings

Error allocating memory., xrefs: 00950B1C
AutoIt, xrefs: 00950B17

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 3b817c53e6df850200e950066e383f0f3048d532307bc5885e46394100187af2
Instruction ID: 928877737139526581e62a3b51fadf2b8f7de3cf487fc83ab2412a1bcee59deb
Opcode Fuzzy Hash: 3b817c53e6df850200e950066e383f0f3048d532307bc5885e46394100187af2
Instruction Fuzzy Hash: 7EE0D8312443082AD22437547C03FC97A889F45B25F10046AFB98955C38BE2259007F9

Function 00910D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0090F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00910D71,?,?,?,008F100A), ref: 0090F7CE

IsDebuggerPresent.KERNEL32(?,?,?,008F100A), ref: 00910D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008F100A), ref: 00910D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00910D7F

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 3863ab1c735eb72976b37e0d093c1cab099185947a847b1f84cf47860eb588b8
Instruction ID: 2d29323f5dae0e8305ad9a1612bb3faddf4af80de28a4937e3e89bc0ac109939
Opcode Fuzzy Hash: 3863ab1c735eb72976b37e0d093c1cab099185947a847b1f84cf47860eb588b8
Instruction Fuzzy Hash: 47E06DB42007418FD730AFB8E8047867BE4AB44744F00492DE492C6796DBF5E4888BA1

Function 00963017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0096302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00963044

Strings

aut, xrefs: 00963038

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: a67567246d815241e4767bfc28aba45169ac67f93ecd914ec600757f8bcd4c23
Instruction ID: 2789f4f293c8f8a8d8710d1c6e2fb5eafee741a731a6838dab4b7df644087e1a
Opcode Fuzzy Hash: a67567246d815241e4767bfc28aba45169ac67f93ecd914ec600757f8bcd4c23
Instruction Fuzzy Hash: 28D05EB250032877DA20A7A4AC0EFCB3A6CDB04760F4002A1B665E21D5DAB4E984CBE0

Function 0094D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0094D220

Strings

%.3d, xrefs: 0094D22B
X64, xrefs: 0094D2A8

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: fc7efd437a4ebb271f335ad786764679794143b54cc934bdf1a21f20f88c3f13
Instruction ID: 47adb95af9bc898325e7caa2c558851bc285e5e11a43507b14d3a0639339b623
Opcode Fuzzy Hash: fc7efd437a4ebb271f335ad786764679794143b54cc934bdf1a21f20f88c3f13
Instruction Fuzzy Hash: 39D012B580A109EACB9096D0DC49DB9B3BCBB48301F508852F82AA1080E67CD508AB61

Function 00982322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0098232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0098233F

Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3

Strings

Shell_TrayWnd, xrefs: 00982325

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 27ced19c64cde970d9af23399b5714a75b1d8a85a16012f8acdf1e93227df57e
Instruction ID: f5bd01ae0b6ff5f8f089e1ac575c6c32258afd342f674b8a2a331fb2b7ed7d1b
Opcode Fuzzy Hash: 27ced19c64cde970d9af23399b5714a75b1d8a85a16012f8acdf1e93227df57e
Instruction Fuzzy Hash: 24D022723A8300B7E768B330DC1FFC67A049B40B10F0009167705AA2D0C8F0B805CB24

Function 00982356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0098236C
PostMessageW.USER32(00000000), ref: 00982373

Part of subcall function 0095E97B: Sleep.KERNEL32 ref: 0095E9F3

Strings

Shell_TrayWnd, xrefs: 00982365

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: e55356411eaed190f73f5ee504c5b8a97c7268a9911386a310f237ded3302a09
Instruction ID: f70ef938a8b0b06d519b20ff707650e8afcf26d39ec48fd02b9a74eea4f46211
Opcode Fuzzy Hash: e55356411eaed190f73f5ee504c5b8a97c7268a9911386a310f237ded3302a09
Instruction Fuzzy Hash: CBD0A9723983007AE668A330DC0FFC666049B40B10F0009167601AA2D0C8B0B8058B28

Function 0092BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0092BE93
GetLastError.KERNEL32 ref: 0092BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0092BEFC

Memory Dump Source

Source File: 00000000.00000002.3375146479.00000000008F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000000.00000002.3375122559.00000000008F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.000000000098C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375208328.00000000009B2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375262657.00000000009BC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3375282786.00000000009C4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 6fa0579ae6d3322aa6cac83c9350e13f60f49867fd5bca9b2e8df915c6d36a3a
Instruction ID: 915d56fb31a3bfd5aeb303a507fcdd1fb5aef8cffac40ff36ab090cb17464b1a
Opcode Fuzzy Hash: 6fa0579ae6d3322aa6cac83c9350e13f60f49867fd5bca9b2e8df915c6d36a3a
Instruction Fuzzy Hash: 38413A35604226AFCF21AF64ED54BFA7BE9EF41320F154169F969972A9DB308C00DB60

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre